VYPR
Medium severity6.1NVD Advisory· Published Jan 20, 2026· Updated Apr 9, 2026

CVE-2025-66523

CVE-2025-66523

Description

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link.

This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:foxit:esign:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:foxit:esign:*:*:*:*:*:*:*:*range: <2026-01-16
    • (no CPE)range: <2026-01-16

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.