Stored XSS via Create New Layer Field found in Foxit...

6.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.

This issue affects pdfonline.Foxit.Com: before 2026‑02‑01.

Basic Information

ID CVE-2026-1592

Source Foxit

Published Feb 3, 2026 at 07:59

Affected Product

Vendor Foxit Software Inc.

Product pdfonline.foxit.com

Version before 2026‑02‑01

Affected Versions Foxit Software Inc. pdfonline.foxit.com before 2026‑02‑01

CWE Classification

CWE-79

References

www.foxit.com /support/security-bulletins.html

{
    "lastseen": "",
    "description": "Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.\n\nThis issue affects pdfonline.Foxit.Com: before 2026\u201102\u201101.",
    "published": "2026-02-03T07:59:13.097Z",
    "modified": "2026-02-03T07:59:13.097Z",
    "type": "cve",
    "title": "Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud",
    "source": "Foxit",
    "references": "https://www.foxit.com/support/security-bulletins.html",
    "id": "CVE-2026-1592",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Foxit Software Inc. pdfonline.foxit.com before 2026\u201102\u201101",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pdfonline.foxit.com",
    "version": "before 2026\u201102\u201101",
    "vendor": "Foxit Software Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud_CVE-2026-1592