SecurityWeek reports that widely used PDF platforms Apryse and Foxit have been impacted by 16 vulnerabilities that could be leveraged to facilitate account takeovers and data theft.Both the Apryse WebViewer and Foxit PDF cloud services had DOM-based cross-site scripting, stored and reflected XSS, server-side request forgery, path traversal, and OS command injection flaws, according to Novee researchers. Tests showed attackers could use crafted documents, messages, or URLs to run code, manipulate files or maintain persistent compromise, especially when viewers were embedded in authenticated applications. Some weaknesses required only a single request and targeted trusted domains commonly integrated into enterprise software."Several vulnerabilities were exploitable with a single request and affected trusted domains commonly embedded inside enterprise applications," the security firm said.Both vendors said the problems were responsibly disclosed and fixed through updates and configuration changes. They noted working with researchers during remediation and strengthened security measures after receiving the report. The analysis was powered by specialized AI agents.
Vulnerability Management, Patch/Configuration Management
Account hijacking, data theft likely with Foxit, Apryse flaws

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



