cbcvebase.
CVE-2026-1592
published 2026-02-03

CVE-2026-1592: Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

Affected

2 ranges
VendorProductVersion rangeFixed in
foxitpdf_editor_cloud< 2026-02-032026-02-03
foxit_software_incpdfonline.foxit.com