Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary Jav

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

Affected Products

Vendor	Product	Versions
foxit	pdf_editor_cloud	< 2026-02-03

References

https://www.foxit.com/support/security-bulletins.html(Vendor Advisory)

Related News (1 articles)

Tier B

BSI Advisories4h ago

[NEU] [mittel] Foxit PDF Editor und Reader: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.16.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available2026-02-03

CWECWE-79

PublishedFeb 3, 2026

Last enriched4d ago

Trending Score23

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary Jav

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline