Lucene search
K
FoxitPdf Editor Cloud

9 matches found

CVE
CVE
added 2026/02/03 7:57 a.m.29 views

CVE-2026-1591

CVE-2026-1591 is a stored cross-site scripting vulnerability in Foxit PDF Editor Cloud (pdfonline) caused by an unescaped malicious username in the file upload list. The flaw allows arbitrary JavaScript execution when the uploaded list is displayed, affecting pdfonline.foxit.com prior to 2026-02-...

6.3CVSS5.3AI score0.00195EPSS
CVE
CVE
added 2026/02/03 7:59 a.m.21 views

CVE-2026-1592

CVE-2026-1592 affects Foxit PDF Editor Cloud (pdfonline). The vulnerability is a stored cross-site scripting (XSS) in the Create New Layer feature, where unsanitized user input is embedded into HTML output, enabling arbitrary JavaScript execution when the layer is referenced. Documents reference ...

6.3CVSS5.4AI score0.00195EPSS
CVE
CVE
added 2025/12/19 7:34 a.m.19 views

CVE-2025-66522

The CVE-2025-66522 issue affects Foxit PDF Editor Cloud (pdfonline.foxit.com) under the Digital IDs feature. The vulnerability arises because the Common Name field in Digital IDs is not properly sanitized/encoded before injecting user-supplied content into the DOM, enabling stored XSS if the Digi...

6.3CVSS5.2AI score0.0015EPSS
CVE
CVE
added 2025/12/19 7:25 a.m.14 views

CVE-2025-66502

CVE-2025-66502 describes a stored cross-site scripting (XSS) vulnerability in Foxit’s pdfonline.foxit.com Page Templates. A crafted payload can be stored as the template name and later rendered into the DOM without proper sanitization, causing the injected script to execute each time the affected...

6.3CVSS5.2AI score0.00147EPSS
CVE
CVE
added 2025/12/19 7:23 a.m.13 views

CVE-2025-66501

Foxit pdfonline.foxit.com Predefined Text in Foxit eSign is affected by a stored XSS via the Identity field “First Name,” where unsanitized input is rendered into the DOM when predefined text is used or document properties are viewed. The description is consistently reported across CVE entries (N...

6.3CVSS5.4AI score0.0015EPSS
CVE
CVE
added 2025/12/19 7:33 a.m.13 views

CVE-2025-66521

Summary: CVE-2025-66521 is a stored XSS in Foxit’s pdfonline.foxit.com, specifically in the Trusted Certificates feature. What’s affected: The certificate name field accepts crafted input that is later rendered into the DOM without proper sanitization. Root cause: Insufficient sanitization of the...

6.3CVSS5.3AI score0.001EPSS
CVE
CVE
added 2025/12/19 7:27 a.m.12 views

CVE-2025-66519

The CVE-2025-66519 issue affects pdfonline.foxit.com, specifically the Layer Import functionality, where a crafted payload placed in the Create new Layer field is later rendered into the DOM without proper sanitization. This leads to stored XSS, with script execution when the Layers panel is acce...

6.3CVSS5.3AI score0.0015EPSS
CVE
CVE
added 2025/12/19 7:30 a.m.12 views

CVE-2025-66520

CVE-2025-66520 affects the Foxit PDF Editor cloud (pdfonline.foxit.com) in its Portfolio feature. The vulnerability is a stored XSS caused by user-supplied SVG files not being properly sanitized or validated before insertion into the HTML structure, enabling embedded HTML/JavaScript to execute wh...

6.3CVSS5.3AI score0.0015EPSS
CVE
CVE
added 2025/12/19 7:16 a.m.8 views

CVE-2025-66500

CVE-2025-66500 describes a stored XSS in Foxit’s webplugins.foxit.com where a postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, enabling arbitrary JavaScript execution when a crafted postMessage is received. The description is consisten...

6.3CVSS5.5AI score0.00173EPSS