CVE-2021-27517
20.07.2021, 12:15
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).
| Vendor | Product | Version |
|---|---|---|
| foxit | phantompdf | 𝑥 ≤ 9.7.5.29616 |
| foxit | phantompdf | 10.0.0.0 ≤ 𝑥 ≤ 10.1.3.37598 |
| foxit | reader | 𝑥 ≤ 10.1.3.37598 |
𝑥
= Vulnerable software versions