CVE-2026-1591 – Stored XSS via Attachments Feature in https://pdfonline.foxit.com/

CVE ID : CVE-2026-1591

Published : Feb. 3, 2026, 8:16 a.m. | 1 hour, 1 minute ago

Description : Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.

This issue affects pdfonline.Foxit.Com: before 2026‑02‑01.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-7760 – Reflected XSS in Ofisimo’s Association Web Package Flora

CVE-2026-1432 – SQL injection (SQLi) on the Buroweb platform

CVE-2025-11598 – Exposure of Confidential Information in mObywatel application

CVE-2026-1664 – Insecure Direct Object Reference (IDOR) via Header-Based Email Routing