Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping,

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

Affected Products

Vendor	Product	Versions
foxit	pdf_editor_cloud	< 2026-02-03

References

https://www.foxit.com/support/security-bulletins.html(Vendor Advisory)

Related News (1 articles)

Tier B

BSI Advisories6h ago

[NEU] [mittel] Foxit PDF Editor und Reader: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.16.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available2026-02-03

CWECWE-79

PublishedFeb 3, 2026

Last enriched4d ago

Trending Score23

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping,

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline