CVE-2026-1592

MEDIUM

Foxit PDF Editor Cloud <2026-02-03 - XSS

Title source: llm

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

References (1)

[Various Sources] https://www.foxit.com/support/security-bulletins.html

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 12.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

foxit/pdf_editor_cloud < 2026-02-03

Timeline

Published Feb 03, 2026

Tracked Since Feb 18, 2026