Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.5 views

CVE-2026-1592

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS5.4AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.4 views

CVE-2026-1591

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

6.3CVSS5.3AI score0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 8:16 a.m.4 views

CVE-2026-1592

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

5.4CVSS5.9AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 8:16 a.m.7 views

CVE-2026-1592

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 7:59 a.m.28 views

CVE-2026-1592 Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before...

6.3CVSS0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 7:57 a.m.4 views

CVE-2026-1591

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

6.3CVSS5.3AI score0.00195EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/20 8:14 a.m.5 views

CVE-2025-66502

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

6.3CVSS5.5AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 8:14 a.m.8 views

CVE-2025-66501

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

6.3CVSS5.8AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 8:14 a.m.5 views

CVE-2025-66519

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected...

6.3CVSS5.7AI score0.0015EPSS
Exploits0References1
OSV
OSV
added 2025/12/19 8:15 a.m.4 views

CVE-2025-66501

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

5.4CVSS5.7AI score0.0015EPSS
Exploits0References1
OSV
OSV
added 2025/12/19 8:15 a.m.2 views

CVE-2025-66519

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected...

5.4CVSS5.7AI score0.0015EPSS
Exploits0References1
NVD
NVD
added 2025/12/19 8:15 a.m.4 views

CVE-2025-66519

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected...

6.3CVSS0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/19 7:33 a.m.4 views

EUVD-2025-204455

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

6.3CVSS5.2AI score0.001EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/19 7:27 a.m.4 views

EUVD-2025-204457

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected...

6.3CVSS5.2AI score0.0015EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/19 7:25 a.m.21 views

CVE-2025-66502 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

6.3CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/19 7:25 a.m.3 views

CVE-2025-66502 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

6.3CVSS5.2AI score0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/19 7:23 a.m.27 views

CVE-2025-66501 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

6.3CVSS0.0015EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52430

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

6.3CVSS5.5AI score0.00147EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.4 views

PT-2025-52433

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

6.3CVSS5.7AI score0.001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.5 views

PT-2025-52429

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...

6.3CVSS5.8AI score0.0015EPSS
Exploits0References2
Rows per page
Query Builder