Pdf Editor Cloud
CVE-2026-1592
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
AnalysisAI
Stored cross-site scripting in Foxit PDF Editor Cloud's Create New Layer feature allows authenticated attackers to execute arbitrary JavaScript by injecting malicious code that persists when layers are accessed by other users. The vulnerability affects pdfonline.foxit.com versions prior to 2026-02-03 and requires user interaction to trigger. No patch is currently available.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Pdf Editor Cloud. Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Pdf Editor Cloud
View allSame weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today