Medium severity6.1NVD Advisory· Published Jan 20, 2026· Updated Apr 9, 2026
CVE-2025-66523
CVE-2025-66523
Description
URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link.
This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:foxit:esign:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:foxit:esign:*:*:*:*:*:*:*:*range: <2026-01-16
- (no CPE)range: <2026-01-16
Patches
Vulnerability mechanics
References
1- www.foxit.com/support/security-bulletins.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.