CVE-2026-1591
Stored XSS via Attachments Feature in https://pdfonline.foxit.com/
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Produtos afetados
Foxit Software Inc. · pdfonline.foxit.comQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →