Foxit PDF Reader and PDF Editor prior to 11.1 on macOS allow remote malicious users to execute arbitrary code via getURL in the JavaScript API.
foxit pdf editor
foxit pdf reader