Foxit PDF Online Layer Import XSS

MEDIUM (6.3) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Foxit PDF Online is a web-based application that allows users to create and edit PDF documents online. The vulnerability exists in the Layer Import functionality within Foxit PDF Online, which can be exploited by injecting malicious scripts into the "Create new Layer" field during layer import. This allows an attacker to execute arbitrary code on the server when the Layers panel is accessed.

Am I affected?

You're affected if you use Foxit PDF Online version 1.9.0 or earlier (version info not stated in advisory). Check with: find / -name "foxit.pdfonline.jar" 2>/dev/null

Note: This vulnerability is specific to Foxit PDF Online and does not affect other Foxit products.

Affected Products

Foxit Software / Foxit PDF Online

How to fix

Upgrade to Foxit PDF Online version 1.9.1 or later from the official website: https://www.foxit.com/support/downloads.html

Immediate mitigations:
- Restrict network access to your Foxit PDF Online instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
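As an added defensive check, not taken from the advisory or from Foxit's own code, the following Python script pulls layer names out of a PDF (PDF stores layers as optional content group dictionaries, /Type /OCG, whose /Name entry holds the label) and flags names that carry HTML markup, then shows the escaping a Layers panel should apply before rendering such a name. The sample PDF fragment, the regular expressions and the function names are constructed for this example; it is a heuristic that only reads uncompressed objects, so files whose objects live in compressed object streams must be decompressed with a PDF library first.

```python
import html
import re

# Constructed sample: objects from an uncompressed PDF 1.5 file declaring four layers.
# Object 6 carries a layer name containing HTML markup; objects 4 and 5 exercise escapes and hex strings.
SAMPLE_PDF = b"""%PDF-1.5
3 0 obj << /Type /OCG /Name (Background) /Usage << /Print << /PrintState /ON >> >> >> endobj
4 0 obj << /Type /OCG /Name (Notes \\(draft\\)) >> endobj
5 0 obj << /Type /OCG /Name <FEFF00DC00620065007200730069006300680074> >> endobj
6 0 obj << /Type /OCG /Name (<script>alert\\(1\\)</script>) >> endobj
"""

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.DOTALL)
NAME_LITERAL_RE = re.compile(rb"/Name\s*\(((?:[^()\\]|\\.)*)\)", re.DOTALL)
NAME_HEX_RE = re.compile(rb"/Name\s*<([0-9A-Fa-f\s]*)>")
MARKUP_RE = re.compile(r"<[a-zA-Z/!]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)
_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}

def _unescape_literal(raw: bytes) -> bytes:
    # Resolve \( \) \\ and the C-style escapes of a PDF literal string (octal \ddd and balanced unescaped parentheses are not handled).
    return re.sub(rb"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), raw, flags=re.DOTALL)

def _decode_pdf_string(raw: bytes) -> str:
    # Text strings are UTF-16BE when they start with a BOM; Latin-1 approximates PDFDocEncoding well enough for a markup check.
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", errors="replace")
    return raw.decode("latin-1")

def extract_layer_names(pdf: bytes) -> list[str]:
    """Return the /Name of every /Type /OCG dictionary found in the raw (uncompressed) PDF bytes."""
    names = []
    for obj in OBJ_RE.finditer(pdf):
        body = obj.group(1)
        if not re.search(rb"/Type\s*/OCG\b", body):
            continue
        if lit := NAME_LITERAL_RE.search(body):
            names.append(_decode_pdf_string(_unescape_literal(lit.group(1))))
        elif hx := NAME_HEX_RE.search(body):
            names.append(_decode_pdf_string(bytes.fromhex(hx.group(1).decode("ascii"))))
    return names

def find_suspicious_layer_names(pdf: bytes) -> list[str]:
    """Layer names that contain HTML tags, inline event handlers or javascript: URLs."""
    return [n for n in extract_layer_names(pdf) if MARKUP_RE.search(n)]

def render_layer_label(name: str) -> str:
    # What a Layers panel should do with a layer name: escape it, never interpolate it raw into HTML.
    return f'<li class="layer">{html.escape(name, quote=True)}</li>'
```

Running find_suspicious_layer_names over uploaded PDFs gives a simple gate to apply before a document reaches the layer-import feature.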

References