9 matches found
CVE-2026-1591
CVE-2026-1591 is a stored cross-site scripting vulnerability in Foxit PDF Editor Cloud (pdfonline) caused by an unescaped malicious username in the file upload list. The flaw allows arbitrary JavaScript execution when the uploaded list is displayed, affecting pdfonline.foxit.com prior to 2026-02-...
CVE-2026-1592
CVE-2026-1592 affects Foxit PDF Editor Cloud (pdfonline). The vulnerability is a stored cross-site scripting (XSS) in the Create New Layer feature, where unsanitized user input is embedded into HTML output, enabling arbitrary JavaScript execution when the layer is referenced. Documents reference ...
CVE-2025-66522
The CVE-2025-66522 issue affects Foxit PDF Editor Cloud (pdfonline.foxit.com) under the Digital IDs feature. The vulnerability arises because the Common Name field in Digital IDs is not properly sanitized/encoded before injecting user-supplied content into the DOM, enabling stored XSS if the Digi...
CVE-2025-66502
CVE-2025-66502 describes a stored cross-site scripting (XSS) vulnerability in Foxit’s pdfonline.foxit.com Page Templates. A crafted payload can be stored as the template name and later rendered into the DOM without proper sanitization, causing the injected script to execute each time the affected...
CVE-2025-66501
Foxit pdfonline.foxit.com Predefined Text in Foxit eSign is affected by a stored XSS via the Identity field “First Name,” where unsanitized input is rendered into the DOM when predefined text is used or document properties are viewed. The description is consistently reported across CVE entries (N...
CVE-2025-66521
Summary: CVE-2025-66521 is a stored XSS in Foxit’s pdfonline.foxit.com, specifically in the Trusted Certificates feature. What’s affected: The certificate name field accepts crafted input that is later rendered into the DOM without proper sanitization. Root cause: Insufficient sanitization of the...
CVE-2025-66519
The CVE-2025-66519 issue affects pdfonline.foxit.com, specifically the Layer Import functionality, where a crafted payload placed in the Create new Layer field is later rendered into the DOM without proper sanitization. This leads to stored XSS, with script execution when the Layers panel is acce...
CVE-2025-66520
CVE-2025-66520 affects the Foxit PDF Editor cloud (pdfonline.foxit.com) in its Portfolio feature. The vulnerability is a stored XSS caused by user-supplied SVG files not being properly sanitized or validated before insertion into the HTML structure, enabling embedded HTML/JavaScript to execute wh...
CVE-2025-66500
CVE-2025-66500 describes a stored XSS in Foxit’s webplugins.foxit.com where a postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, enabling arbitrary JavaScript execution when a crafted postMessage is received. The description is consisten...