CVE-2026-1592

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 84.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF Editor CloudFoxit Software Inc. Pdfonline.foxit.com
Timeline
PublishedFeb 3

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:NExploitability: 2.1 | Impact: 4.2

Affected Packages2 packages

NVDfoxit/pdf_editor_cloud< 2026-02-03
CVEListV5foxit_software_inc./pdfonline.foxit.combefore 2026‑02‑03

🔴Vulnerability Details

2
GHSA
GHSA-2whf-r4r4-c662: Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature2026-02-03
CVEList
Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud2026-02-03
CVE-2026-1592 (MEDIUM CVSS 5.4) | Foxit PDF Editor Cloud (pdfonline) | cvebase.io