Foxit PDF Editor XSS Vulnerability

MEDIUM (6.3) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Foxit PDF Editor is a popular application for viewing and editing PDF files. A cross-site scripting (XSS) vulnerability in the editor's Page Templates feature allows attackers to inject malicious scripts, which can be executed when an affected PDF is loaded.

Am I affected?

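You're affected if you use Foxit PDF Editor version 9.3.1r4 or earlier. To check your installation, run the following command to locate the executable, then compare the version of that installation against 9.3.1r4. The match is case-insensitive because the file name may be stored in mixed case:

find / -iname "foxitpdfeditor*.exe" 2>/dev/null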

Note: This vulnerability does not affect other Foxit software products.
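
The version comparison itself is easy to get wrong, because a plain string comparison ranks "9.3.1r10" below "9.3.1r4" and "10.0.0" below "9.3.1". The following shell functions are an added example, not part of the original advisory or any Foxit tooling. They assume the version string is supplied by the operator in the MAJOR.MINOR.PATCH[rN] form used above, and that a missing rN suffix means revision 0.

```shell
#!/bin/sh
# Added example: classify a Foxit PDF Editor version string against the
# advisory's threshold (affected: 9.3.1r4 or earlier).
# Assumption: versions look like MAJOR.MINOR.PATCH with an optional rN
# suffix, and a missing suffix counts as revision 0.

LAST_AFFECTED="9.3.1r4"   # taken from the advisory text

# Print "MAJOR MINOR PATCH REV" for a version string; return 1 if malformed.
parse_version() {
    _v=$1
    _rev=0
    case $_v in
        *[rR]*) _rev=${_v##*[rR]}; _v=${_v%[rR]*} ;;
    esac
    # Reject anything that is not N.N.N plus a numeric revision.
    case $_rev in ''|*[!0-9]*) return 1 ;; esac
    case $_v in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _old_ifs=$IFS; IFS=.
    set -- $_v              # split the dotted part into $1 $2 $3
    IFS=$_old_ifs
    [ $# -eq 3 ] || return 1
    echo "$1 $2 $3 $_rev"
}

# Return 0 if $1 <= $2, 1 if $1 > $2, 2 if either string is malformed.
version_le() {
    _a=$(parse_version "$1") || return 2
    _b=$(parse_version "$2") || return 2
    # Compare the four fields numerically, most significant first.
    echo "$_a $_b" | awk '{
        for (i = 1; i <= 4; i++) {
            if ($i + 0 < $(i + 4) + 0) exit 0
            if ($i + 0 > $(i + 4) + 0) exit 1
        }
        exit 0
    }'
}

# Print AFFECTED, NOT_AFFECTED or UNKNOWN for an installed version string.
classify() {
    _rc=0
    version_le "$1" "$LAST_AFFECTED" || _rc=$?
    case $_rc in
        0) echo "AFFECTED" ;;
        1) echo "NOT_AFFECTED" ;;
        *) echo "UNKNOWN" ;;
    esac
}
```

An UNKNOWN result means the string did not match the assumed format and should be checked by hand rather than treated as safe.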

Affected Products

Foxit Software / Foxit PDF Editor

How to fix

To fix this vulnerability, upgrade to Foxit PDF Editor version 9.3.1r5 or later from the official Foxit website: https://www.foxit.com/support/download.html

Immediate mitigations:

  • Disable the Page Templates feature until a patch is available.
  • Use a different PDF editor that does not have this vulnerability.
