CVE-2025-66523 | HackTesting

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.

Credits

Novee

References

https://www.foxit.com/support/security-bulletins.html