CVE-2021-27517

Name
CVE-2021-27517
Description
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| MISC | https://www.foxitsoftware.com/support/security-bulletins.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:* | phantompdf | >= None | <= 9.7.5.29616 |
| cpe:2.3:a:foxit:phantompdf:*:*:*:*:*:*:*:* | phantompdf | >= 10.0.0.0 | <= 10.1.3.37598 |
| cpe:2.3:a:foxit:reader:*:*:*:*:*:*:*:* | reader | >= None | <= 10.1.3.37598 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| reader | 3.19-community | 0.4.4-r4 | Adam Thiede <me@adamthiede.com> | possibly vulnerable |
| reader | 3.20-community | 0.4.5-r0 | Adam Thiede <me@adamthiede.com> | possibly vulnerable |
| reader | edge-community | 0.4.5-r0 | Adam Thiede <me@adamthiede.com> | possibly vulnerable |