Unrated severityNVD Advisory· Published Dec 19, 2025· Updated Dec 19, 2025
Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Digital IDs Common Name Field
CVE-2025-66522
Description
A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result, embedded HTML or JavaScript may execute whenever the Digital IDs dialog is accessed or when the affected PDF is loaded.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Foxit Software Inc./pdfonline.foxit.comv5Range: before 2025‑12‑01
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.