← back
CVE-2026-1592

Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud

CVSS 6.3 MEDIUMEPSS 0.2%CWE-79
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 2026‑02‑03.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Affected products
Foxit Software Inc. · pdfonline.foxit.com

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.foxit.com/support/security-bulletins.html