Stored Cross-Site Scripting Vulnerability in Foxit PDF Editor Cloud
CVE-2026-1592

6.3MEDIUM

Key Information:

Vendor: Foxit Inc.
Status: PDFonline.foxit.com
Vendor: CVE Published:; 3 February 2026

What is CVE-2026-1592?

Foxit PDF Editor Cloud (pdfonline) has a serious vulnerability related to stored cross-site scripting within its Create New Layer feature. The vulnerability arises from unsanitized user input being embedded in the HTML output, which could lead to the execution of arbitrary JavaScript when the affected layer is accessed. This poses significant security risks, as attackers can manipulate the content and execute malicious scripts, potentially compromising user data and system integrity. It is crucial for users to apply available updates and follow security best practices to safeguard against this vulnerability.

Affected Version(s)

pdfonline.foxit.com before 2026‑02‑03

References

https://www.foxit.com/support/security-bulletins.html

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2026
Vulnerability Reserved
Jan 29, 2026

Credit

Novee

CVE-2026-1592 Data

JSON