6 matches found
CVE-2026-1591
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...
CVE-2026-1591
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...
CVE-2026-1591 Stored XSS via Attachments Feature in https://pdfonline.foxit.com/
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...
CVE-2026-1591
CVE-2026-1591 is a stored cross-site scripting vulnerability in Foxit PDF Editor Cloud (pdfonline) caused by an unescaped malicious username in the file upload list. The flaw allows arbitrary JavaScript execution when the uploaded list is displayed, affecting pdfonline.foxit.com prior to 2026-02-...
CVE-2026-1591 Stored XSS via Attachments Feature in https://pdfonline.foxit.com/
Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...
CVE-2025-10700
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the enableunfilteredfilesupload function. This makes it possible for unauthenticated...