Description
URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.
References (1)
Core 1
Core References
Various Sources
https://www.foxit.com/support/security-bulletins.html
Scores
CVSS v3
6.1
EPSS
0.0006
EPSS Percentile
17.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
foxit/esign
< 2026-01-16
Foxit Software Inc./na1.foxitesign.foxit.com
before 2026‑01‑16
Published
Jan 20, 2026
Tracked Since
Feb 18, 2026