EXODUS BLOG

Advisories

Foxit PhantomPDF extractPages Arbitrary File Write Remote Code Execution Vulnerability

AUGUST 24, 2021

EIP-a5cba843 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The extractPages method of the Document object does not properly validate the export path argument, allowing arbitrary files to be written...

Foxit PhantomPDF loadHtmlView Context Level Bypass Vulnerability

AUGUST 23, 2021

EIP-617871b4 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The loadHtmlView method of the app object invokes attacker-controlled JavaScript code in a privileged context. An attacker can create a specially...

← Previous 1 … 8 9