CVE-2026-1592 MEDIUM

CVE-2026-1592: Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud

Vendor Foxit Software Inc.
Product pdfonline.foxit.com
Weakness CWE-79 · XSS
Published February 3, 2026
Last update February 4, 2026
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 4, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-52829 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-37898 Safe mode Cross-site Scripting (XSS) vulnerability in Joplin CVE-2025-47002 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-44007 WordPress SKT Templates – Elementor & Gutenberg templates plugin <= 6.14 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-4439 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab