Foxit eSign XSS Vulnerability

MEDIUM (6.3) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Foxit eSign is an online document signing and verification tool that businesses use to share documents securely. The vulnerability is in the Predefined Text feature of the Foxit eSign section of pdfonline.foxit.com: user-supplied values from input fields such as the "First Name" field are placed into the page without adequate encoding, which lets an attacker inject script through those fields.
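The defect described above is the classic XSS pattern: a field value is interpolated into markup as-is instead of being encoded for the context it lands in. The example below is added here to illustrate the difference and is not Foxit's code; the `renderUnsafe` / `renderSafe` templates and the `tagCount` check are constructed for illustration, and the sample name value is constructed as well.

```javascript
// Added example (not part of the advisory or of Foxit's code).
// Shows why interpolating a raw "First Name" value into markup is
// dangerous and how contextual HTML escaping neutralises it.

// Characters that must be encoded when a value lands in HTML text or
// in a double/single-quoted attribute.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (hypothetical template): raw input concatenated
// straight into the page. Any markup in the name becomes live markup.
function renderUnsafe(firstName) {
  return `<span class="signer-name">${firstName}</span>`;
}

// Hardened pattern: the same template, but the value is escaped before
// interpolation, so browser-parsed tags in the input become inert text.
function renderSafe(firstName) {
  return `<span class="signer-name">${escapeHtml(firstName)}</span>`;
}

// Simple review/detection aid: count tag openers in rendered output.
// The template above always contributes exactly two (<span ... ></span>);
// anything more means user data was rendered as markup.
function tagCount(html) {
  return (html.match(/<[a-zA-Z/!]/g) || []).length;
}

// Constructed sample value: a name that carries a script tag.
const SAMPLE_NAME = 'Alice <script>x()</script>';

// Run stand-alone to see both renderings side by side.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', renderUnsafe(SAMPLE_NAME), 'tags =', tagCount(renderUnsafe(SAMPLE_NAME)));
  console.log('safe:  ', renderSafe(SAMPLE_NAME), 'tags =', tagCount(renderSafe(SAMPLE_NAME)));
}
```

Escaping on output is the fix that survives any input; input validation on a name field (length limits, rejecting angle brackets) is a useful second layer but cannot be relied on alone, because the same value may later be rendered in a different context.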

Am I affected?

You're affected if you use Foxit eSign. The advisory does not state affected versions. Check with: `grep -r "Identity First Name" /var/www/html/foxitsign.pdfonline.com`

Affected Products

Foxit / eSign

How to fix

Upgrade to Foxit eSign version 2.0 or later.

Immediate mitigations:
- Restrict network access to your Foxit eSign instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
