A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perform unauthorized actions.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Tue, 02 Sep 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perform unauthorized actions. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-02T19:44:07.875Z
Reserved: 2025-06-16T00:00:00.000Z
Link: CVE-2025-51966

Updated: 2025-09-02T19:44:03.736Z

Status : Received
Published: 2025-09-02T18:15:35.237
Modified: 2025-09-02T20:15:34.680
Link: CVE-2025-51966

No data.

No data.