CVE-2026-1592 – Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud

CVE ID : CVE-2026-1592

Published : Feb. 3, 2026, 8:16 a.m. | 1 hour, 1 minute ago

Description : Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.

This issue affects pdfonline.Foxit.Com: before 2026‑02‑01.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…