
"Novee's analysis - powered by specialized AI agents - led to the discovery of 16 vulnerabilities across Apryse and Foxit products. One critical and two high-severity vulnerabilities were found in Apryse products, and two high-severity and 11 medium-severity issues were identified in Foxit products. The list of flaws includes DOM XSS, SSRF, stored and reflected XSS, path traversal, and OS command injection vulnerabilities."
"Novee's research targeted Apryse WebViewer and Foxit PDF cloud services. Apryse WebViewer, formerly PDFTron, is a JavaScript-based document SDK and UI component library that enables developers to embed viewing, annotation, editing, and conversion features directly into web applications and browsers. Foxit PDF cloud services, such as Foxit PDF Editor Cloud, are browser-based PDF solutions that provide a full-featured platform for viewing, creating, editing, annotating, organizing, converting, securing, exporting, and signing PDF documents and forms."
Novee discovered 16 vulnerabilities across Apryse and Foxit PDF platforms, including one critical, multiple high-severity, and several medium-severity flaws. The flaws comprised DOM XSS, SSRF, stored and reflected XSS, path traversal, and OS command injection, enabling account takeover, data exfiltration, and arbitrary code or command execution. Novee targeted Apryse WebViewer and Foxit PDF cloud services and used specialized AI agents during analysis. Vulnerabilities could be triggered via specially crafted documents, URLs, or messages, and several were exploitable with a single request affecting trusted domains embedded in enterprise applications. Foxit and Apryse were notified and have patched the reported issues.
Read at SecurityWeek