VYPR
Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Feb 3, 2026

Stored XSS via Attachments Feature in https://pdfonline.foxit.com/

CVE-2026-1591

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.

This issue affects pdfonline.foxit.com: before 2026‑02‑03.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: <2026-02-03
  • Foxit Software Inc./pdfonline.foxit.comv5
    Range: before 2026‑02‑03

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.