Arbitrary JavaScript Execution in Foxit PDF SDK For Web through 7.5.0 via Malicious PDF Upload

Arbitrary JavaScript Execution in Foxit PDF SDK For Web through 7.5.0 via Malicious PDF Upload

CVE-2021-27517 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).

Learn more about our Web App Pen Testing.