CVE-2021-27517: XSS
First published: Tue Jul 20 2021(Updated: )
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxit PhantomPDF | <=9.7.5.29616 | |
| Foxit PhantomPDF | >=10.0.0.0<=10.1.3.37598 | |
| Foxit Reader | <=10.1.3.37598 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-27517?
CVE-2021-27517 is a vulnerability in Foxit PDF SDK For Web through 7.5.0 that allows XSS (Cross-Site Scripting).
How does CVE-2021-27517 work?
CVE-2021-27517 allows arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses the app.alert function in the Acrobat JavaScript API.
What is the severity of CVE-2021-27517?
The severity of CVE-2021-27517 is medium with a CVSS score of 6.1.
Which software is affected by CVE-2021-27517?
Foxit PhantomPDF versions up to 9.7.5.29616, Foxit PhantomPDF versions between 10.0.0.0 and 10.1.3.37598, and Foxit Reader versions up to 10.1.3.37598 are affected by CVE-2021-27517.
How can I fix CVE-2021-27517?
To fix CVE-2021-27517, users should update Foxit PDF SDK For Web to version 7.5.1 or later.
- collector/nvd-index
- vendor/foxit
- canonical/foxit phantompdf
- version/foxit phantompdf/9.7.5.29616
- version/foxit phantompdf/10.0.0.0
- version/foxit phantompdf/10.1.3.37598
- canonical/foxit reader
- version/foxit reader/10.1.3.37598