wid-sec-w-2026-0934 · Published 2026-03-30 · View on BSI CERT-Bund ↗

Foxit PDF Editor and Reader: Multiple Vulnerabilities

CVSS 7.8 HIGH

Risk Summary

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.

CVEs (11)

CVE-2025-66523 CVE-2026-1591 CVE-2026-1592 CVE-2026-3774 CVE-2026-3775 CVE-2026-3776 CVE-2026-3777 CVE-2026-3778 CVE-2026-3779 CVE-2026-3780 CVE-2026-4947

Affected Vendors

Foxit

Affected Products (4)

Foxit · PDF Editor <2026.1

Foxit · PDF Editor 2026.1

Foxit · PDF Reader <2026.1

Foxit · PDF Reader 2026.1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more