Description
In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
Published: 2025-07-02
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-19729 In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
History

Wed, 02 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 02 Jul 2025 14:45:00 +0000

Type Values Removed Values Added
Description In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
Title Cross-Site Scripting (XSS) in PdfViewer
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2025-07-02T14:54:14.971Z

Reserved: 2025-06-26T14:27:40.423Z

Link: CVE-2025-6725

cve-icon Vulnrichment

Updated: 2025-07-02T14:54:11.541Z

cve-icon NVD

Status : Deferred

Published: 2025-07-02T15:15:28.523

Modified: 2026-06-17T10:02:27.443

Link: CVE-2025-6725

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses