PT-2026-6047 · Foxit · Foxit Pdf Editor Cloud

Novee · Published 2026-02-03 · Updated 2026-02-04 · CVE-2026-1591

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Foxit PDF Editor Cloud versions prior to 2026-02-03

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting issue in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. The issue is due to improper neutralization of input during web page generation. Attackers can upload a file with a malicious JavaScript payload embedded in the username field, persisting the payload in upload metadata and triggering execution when other users open shared document lists. This could lead to session token theft, account takeover, credential harvesting, and unauthorized changes to document sharing.

Recommendations

Foxit PDF Editor Cloud versions prior to 2026-02-03 should be updated to version 2026-02-03 or later. Force global session invalidation and require user reauthentication. Audit historical uploads for suspicious username values containing script or HTML payloads. Monitor logs for abnormal uploads and unexpected outbound browser requests.
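
An added example, not Foxit's code and not part of the advisory: a Node.js sketch of the audit recommended above, flagging stored username values that carry HTML or script markup, alongside the output escaping whose absence the description names. The record shape (`id`, `username`, `filename`), the function names and the sample records are assumptions constructed for illustration.

```javascript
// Added example. Record fields (id, username, filename) are assumed,
// not taken from Foxit's data model; sample records are constructed.

// Patterns that have no place in a display name.
const SUSPICIOUS = [
  { name: 'html-tag', re: /<\s*\/?\s*[a-z!][^>]*>?/i },
  { name: 'event-handler', re: /\bon[a-z]+\s*=/i },
  { name: 'script-uri', re: /\b(?:javascript|vbscript|data)\s*:/i },
  { name: 'html-entity', re: /&(?:#x?[0-9a-f]+|[a-z]+);/i },
];

// Decode percent-encoding once so encoded markup is also caught.
function normalize(value) {
  try { return decodeURIComponent(value); } catch { return value; }
}

// Return one finding per stored upload whose username matches a pattern.
function auditUploads(records) {
  const findings = [];
  for (const rec of records) {
    const name = normalize(String(rec.username ?? ''));
    const reasons = SUSPICIOUS.filter(p => p.re.test(name)).map(p => p.name);
    if (reasons.length > 0) findings.push({ id: rec.id, reasons });
  }
  return findings;
}

// Escaping for HTML text and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Render one row of the upload list with every field escaped.
function renderUploadRow(rec) {
  return `<tr><td>${escapeHtml(rec.filename)}</td><td>${escapeHtml(rec.username)}</td></tr>`;
}

// Constructed sample metadata.
const sampleUploads = [
  { id: 1, username: 'alice.m', filename: 'q3-report.pdf' },
  { id: 2, username: '<script>alert(1)</script>', filename: 'a.pdf' },
  { id: 3, username: 'bob" onmouseover=alert(1) x="', filename: 'b.pdf' },
  { id: 4, username: '%3Cimg src=x%3E', filename: 'c.pdf' },
  { id: 5, username: "O'Brien & Sons", filename: 'd.pdf' },
];

console.log(auditUploads(sampleUploads));
console.log(renderUploadRow(sampleUploads[1]));
```

Flagged records are leads for manual review, not proof of exploitation; the escaping step is what keeps a stored value inert when the list is rendered.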

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-1591

Affected Products

Foxit Pdf Editor Cloud