CVE-2025-66500
MED 6.3A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received.
Affected Applications in Environment
18
Editor
v7.1
1 device
PDF Reader
v2024.3.0.26795
23 devices
PDF Reader
v2024.2.3.25184
3 devices
PDF Reader
v2026.1.0.36452
1 device
PDF Reader
v2025.2.0.33046
2 devices
PDF Reader
v12.1.0.15250
2 devices
PDF Reader
v2024.4.0.27683
1 device
PDF Reader
v2023.2.0.21408
2 devices
PDF Reader
v2023.3.0.23028
2 devices
PDF Reader
v2025.3.0.35737
2 devices
PDF Reader
v12.0.1.12430
1 device
PDF Reader
v12.0.0.12394
1 device
PDF Reader
v2025.2.1.69005 (2025.2.0.68868)
1 device
PDF Reader
v2025.2.1.33197
1 device
PDF Reader
v2024.1.0.23997
1 device
PDF Reader
v2025.2.1.69005
1 device
PDF Reader
v2025.1.0.27937
1 device
PDF Reader
v12.1.2.15332
1 device
Affected Devices
46
AIRPORT2312-02
Windows
ATWOOD-453Z1G3
Windows
COX12
Windows
DESKTOP-15U41CQ
Windows
DESKTOP-2UD952N
Windows
DESKTOP-A27UL0P
Windows
DESKTOP-OMEN
Windows
DPEBIE-5171H8C
Windows
DPEDUC-L13245D2
Windows
DPEECE-O5294VPL
Windows
DPEFSN-2H0KYD3
Windows
DPEMAE-5171VCC
Windows
DPEMAE-7242KJS
Windows
DPEMAE-7242KKC
Windows
DPITED-A7242KKG
Windows
ENGL-RBW416-D06
Windows
HELIOS
Windows
MICROFILM2000-H
Windows
MXL1172G4V-1877
Windows
MXL1172G4W-1877
Windows
MXL1172G4X-1877
Windows
MXL1172G4Y-1877
Windows
MXL1172G50-1877
Windows
MXL1172G51-1877
Windows
MXL1172G55-1877
Windows
MXL1172G57-1877
Windows
MXL1172G58-1877
Windows
MXL1172G5D-1877
Windows
MXL1172G5F-1877
Windows
MXL1172G5G-1883
Windows
MXL1172G5H-1877
Windows
MXL1172G5J-1877
Windows
MXL1172G5K-1877
Windows
MXL1172G5N-1877
Windows
MXL1172G5V-1877
Windows
MXL1172G5Z-1877
Windows
MXL1172G62-1877
Windows
MXL1172G64-1877
Windows
MXL1314RT5-1883
Windows
MXL1314RTV-1883
Windows
MXL1314RV3-1883
Windows
SGOSNEYLAPTOP
Windows
SSWA-ATEM-D9010
Windows
USULOAN257
Windows
USULOAN386
Windows
a02459287-GCN22J0PJ7
Mac