CVE-2026-1591
Stored XSS via Attachments Feature in https://pdfonline.foxit.com/
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Productos afectados
Foxit Software Inc. · pdfonline.foxit.com¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →