{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1591", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "state": "PUBLISHED", "assignerShortName": "Foxit", "dateReserved": "2026-01-29T07:31:14.294Z", "datePublished": "2026-02-03T07:57:27.281Z", "dateUpdated": "2026-02-03T18:47:39.727Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "pdfonline.foxit.com", "vendor": "Foxit Software Inc.", "versions": [{"status": "affected", "version": "before 2026\u201102\u201103"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Novee"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.</span>\n\n<p>This issue affects pdfonline.foxit.com: before 2026\u201102\u201103.</p>"}], "value": "Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.\n\nThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Potential arbitrary JavaScript execution"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-02-03T08:06:08.674Z"}, "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Stored XSS via Attachments Feature in https://pdfonline.foxit.com/", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T18:46:55.314220Z", "id": "CVE-2026-1591", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T18:47:39.727Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1591", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T18:46:55.314220Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T18:47:22.168Z"}}], "cna": {"title": "Stored XSS via Attachments Feature in https://pdfonline.foxit.com/", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Novee"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Potential arbitrary JavaScript execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "pdfonline.foxit.com", "versions": [{"status": "affected", "version": "before 2026\u201102\u201103"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.\n\nThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.</span>\n\n<p>This issue affects pdfonline.foxit.com: before 2026\u201102\u201103.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-02-03T08:06:08.674Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1591", "state": "PUBLISHED", "dateUpdated": "2026-02-03T18:47:39.727Z", "dateReserved": "2026-01-29T07:31:14.294Z", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "datePublished": "2026-02-03T07:57:27.281Z", "assignerShortName": "Foxit"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "C22F83B5-EAE7-4F85-A1DA-48617FB7E718", "versionEndExcluding": "2026-02-03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.\n\nThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103."}, {"lang": "es", "value": "Foxit PDF Editor Cloud (pdfonline) contiene una vulnerabilidad de cross-site scripting almacenado en la funci\u00f3n de carga de archivos. Un nombre de usuario malicioso se incrusta en la lista de archivos cargados sin el escape adecuado, permitiendo la ejecuci\u00f3n arbitraria de JavaScript cuando se muestra la lista.\n\nEste problema afecta a pdfonline.foxit.com: antes del 03-02-2026."}], "id": "CVE-2026-1591", "lastModified": "2026-02-18T16:08:22.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 4.2, "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-03T08:16:14.900", "references": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T00:23:37.091337+00:00", "value": {"mitigation_remediation": ["Update to the latest version of Foxit PDF Editor Cloud released on or after February\u202f3,\u202f2026, which fixes the stored XSS vulnerability.", "If an immediate upgrade is not possible, disable the file upload feature or enforce strict input validation to escape or reject characters that could form script tags in the username field.", "As an interim guard, configure the application server\u2019s content security policy to disallow inline scripts on the file list page, preventing execution of any injected code until a patch is applied."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting that can lead to arbitrary JavaScript execution in users' browsers."}, "threat_synthesis": {"affected_systems": "The affected product is Foxit PDF Editor Cloud (pdfonline.foxit.com) running any version prior to the update released on February\u202f3,\u202f2026. Foxit Software Inc. is the vendor responsible for the service.", "description_and_impact": "Foxit PDF Editor Cloud, accessed via pdfonline.foxit.com, contains a stored cross\u2011site scripting vulnerability in the file upload feature. Malicious usernames are embedded into the list of uploaded files without proper HTML escaping, allowing an attacker to inject and execute arbitrary JavaScript whenever the file list is viewed. This can compromise user accounts, exfiltrate session data, or execute further malicious actions in the context of the victim\u2019s browser. The weakness corresponds to CWE\u201179.", "risk_and_exploitability": "The vulnerability has a CVSS base score of 6.3, indicating moderate severity, and an EPSS score of less than 1\u202f%, suggesting low probability of exploitation in the wild at this time. It is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog, further indicating it has not yet been widely abused. To exploit, an attacker needs to upload a file with a crafted username and then compel a user to view the upload list, which is a typical, user\u2011interaction dependent vector. The stored nature of the flaw means the malicious payload remains in the system until the vendor issues a fix."}}}}, "created": "2026-02-04T12:14:27.039006+00:00", "updated": "2026-04-18T00:30:25.711669+00:00", "vendors": ["foxitsoftware", "foxitsoftware$PRODUCT$pdfonline"]}