CVE-2025-66523 MEDIUM

CVE-2025-66523: Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com via Unsanitized URL Parameters

Vendor Foxit Software Inc.
Product na1.foxitesign.foxit.com
Weakness CWE-79 · XSS
Published January 20, 2026
Last update January 20, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.

Key dates

02Disclosure timeline

January 20, 2026 CVE published
January 20, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-22711 WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS) CVE-2024-26049 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-50449 WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability CVE-2024-5312 Cross-Site Scripting vulnerability in PHP Server Monitor CVE-2021-24923 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS