CVE-2026-1591 – Foxit PDF Editor Cloud Stored Cross-Site Scripting Vulnerabilities

CVSS 6.3 MODERATE

“Unsafe handling of file and layer names could allow attackers to run harmful scripts inside trusted PDF workflows.”

Foxit addressed two medium-severity stored cross-site scripting vulnerabilities in Foxit PDF Editor Cloud that could allow attackers to inject and execute malicious JavaScript in a user’s browser. CVE-2026-1591 affects the File Attachments list, where specially crafted file names are not properly sanitized before being displayed. CVE-2026-1592 impacts the Create New Layer feature, where unsafe handling of layer names allows similar script execution. Both issues stem from insufficient input validation and output encoding within the cloud interface.

Each vulnerability carries a CVSS v3.1 score of 6.3 (Medium). Successful exploitation requires user interaction, such as opening or viewing a crafted document, but could allow attackers to steal session information, access data visible to the user, or redirect users to malicious content. Foxit released updates that correct the input handling logic and prevent script injection through these fields. There are no confirmed reports of active exploitation or zero-day abuse at the time of disclosure.
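The root cause described above (user-controlled names displayed without output encoding) can be shown with a generic before/after rendering routine. This is an added illustration, not Foxit's code; the function names, the validation limits, and the sample names are hypothetical and constructed for the example.

```javascript
// Added illustration of CWE-79 in a name list; not Foxit code.
// All function names and sample data below are hypothetical / constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation as a second layer (assumed limits): non-empty, <= 255 chars,
// no control characters. Validation alone does not stop markup; encoding does.
function validateName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 255) return false;
  return !/[\u0000-\u001f\u007f]/.test(name);
}

// "Before" pattern: names concatenated into element and attribute context unencoded.
function renderListUnsafe(names) {
  return '<ul>' + names.map((n) => `<li title="${n}">${n}</li>`).join('') + '</ul>';
}

// "After" pattern: invalid names dropped, every remaining name encoded on output.
function renderListSafe(names) {
  const items = names.filter(validateName).map((n) => {
    const encoded = escapeHtml(n);
    return `<li title="${encoded}">${encoded}</li>`;
  });
  return '<ul>' + items.join('') + '</ul>';
}

// Constructed file and layer names, including markup-bearing ones.
const SAMPLE_NAMES = [
  'invoice.pdf',
  'Q3 "final" <draft>.pdf',
  'notes<img src=x onerror=alert(1)>.txt',
  'Layer & Mask',
];

// Regression check: count opening tags other than the <ul>/<li> the renderer emits.
function countInjectedTags(html) {
  const tags = html.match(/<\s*([a-zA-Z][\w-]*)/g) || [];
  return tags.filter((t) => !/^<\s*(ul|li)$/i.test(t)).length;
}

console.log('unsafe:', countInjectedTags(renderListUnsafe(SAMPLE_NAMES)), 'unexpected tags');
console.log('safe:  ', countInjectedTags(renderListSafe(SAMPLE_NAMES)), 'unexpected tags');
```

In a browser, assigning names through `textContent` rather than building HTML strings achieves the same encoding without a hand-written escaper.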

Key Details

Affected Product: Foxit PDF Editor Cloud
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
CWE Classification: CWE-79