VYPR

Esign

by Foxitsoftware

CVEs (3)

  • CVE-2026-4947HigApr 1, 2026
    risk 0.46cvss 7.1epss 0.00

    Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object…

  • CVE-2025-66523MedJan 20, 2026
    risk 0.40cvss 6.1epss 0.00

    URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before…

  • CVE-2025-66501Dec 19, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper…