CVE-2025-66523

MEDIUM
2026-01-20 14984358-7092-470d-8f34-ade47a7658a2
6.1
CVSS 3.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
CVE Published: Jan 20, 2026 - 07:15 (nvd), MEDIUM 6.1

Description (NVD)

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link.

This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.

Analysis (AI)

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. [CVSS 6.1 MEDIUM]

Technical Context (AI)

Classified as CWE-79 (Cross-site Scripting (XSS)). URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link.

This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.

Affected Products (AI)

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization

Remediation (AI)

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
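
The output encoding and Content Security Policy named above, as an added example that is not from the advisory or the vendor's code: it places the raw-concatenation pattern from the description beside a form that encodes per sink (HTML attribute, inline JavaScript string). The `returnUrl` parameter, the template, the probe value and the nonce are assumptions constructed for illustration.

```javascript
// Added example. The "returnUrl" parameter and the template are hypothetical.

// HTML attribute / text context: entity-encode every character that can
// end the quoted value or start a tag.
function encodeHtmlAttr(value) {
  return String(value).replace(/[&<>"'`=\/]/g,
    (c) => `&#x${c.charCodeAt(0).toString(16)};`);
}

// JavaScript string context inside an inline <script>: JSON.stringify escapes
// quotes and backslashes; <, >, & and U+2028/U+2029 are \u-escaped so the HTML
// parser never sees "</script>" or "<!--" inside the literal.
function encodeJsString(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// The flaw class in the description: the raw parameter reaches both sinks.
function renderUnsafe(param) {
  return `<input name="returnUrl" value="${param}">` +
         `<script>var returnUrl = "${param}";</script>`;
}

// Hardened: each sink uses the encoder for its own context.
function renderSafe(param, nonce) {
  return `<input name="returnUrl" value="${encodeHtmlAttr(param)}">` +
         `<script nonce="${encodeHtmlAttr(nonce)}">` +
         `var returnUrl = ${encodeJsString(param)};</script>`;
}

// CSP as a second layer: only scripts carrying this response's nonce run,
// so inline handlers and injected <script> elements are refused.
function cspHeader(nonce) {
  return `default-src 'self'; script-src 'nonce-${nonce}'; ` +
         `object-src 'none'; base-uri 'none'`;
}

// Constructed probe value: harmless markup that exposes a context break-out.
const PROBE = 'a"</script><b>';
// Constructed nonce; a server must generate a fresh random one per response.
const NONCE = "cGxhY2Vob2xkZXI";

console.log("unsafe output contains raw probe:", renderUnsafe(PROBE).includes(PROBE));
console.log(renderSafe(PROBE, NONCE));
console.log(cspHeader(NONCE));
```

The same probe can be kept as a regression check: the rendered page must never contain it verbatim, and the JavaScript literal must still decode to the original value.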
