Foxit Patches Critical XSS Vulnerabilities in PDF Editor Cloud and eSign
Foxit Software has addressed multiple cross-site scripting (XSS) vulnerabilities in its Foxit PDF Editor Cloud and Foxit eSign platforms, mitigating risks of arbitrary JavaScript execution in user browsers. The flaws, stemming from insufficient input validation and improper output encoding, could allow attackers to inject malicious scripts via crafted file attachments, layer names, or URL parameters.
The primary vulnerabilities, CVE-2026-1591 and CVE-2026-1592, affect Foxit PDF Editor Cloud, enabling script injection through the File Attachments list and Layers panel. Both carry a Moderate severity rating (CVSS 6.3) and require user interaction, such as opening a maliciously crafted PDF or layer configuration. Exploitation could lead to session token theft, data exfiltration, or redirection to malicious sites, posing heightened risks in enterprise environments where PDF workflows are prevalent.
A separate XSS flaw, CVE-2025-66523 (CVSS 6.1), impacts Foxit eSign, arising from improper handling of URL parameters in specially crafted links. This vulnerability could facilitate privilege escalation and cross-domain data theft within eSign workflows.
Foxit released patches on February 3, 2026 (PDF Editor Cloud) and January 15, 2026 (eSign), implementing stricter input validation and output encoding. Updates are deployed automatically, though organizations are advised to verify their systems are running the latest versions. The company’s security team encourages vulnerability reporting via security-ml@foxit.com and provides updates through its security advisory page.
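The root cause and fix named in the article (unvalidated names concatenated into markup, corrected by input validation and output encoding) follow a pattern that is easiest to see in code. The block below is an added example written for this page, not Foxit's code: it renders a File Attachments list and a Layers panel in a browser-style UI, shows the vulnerable string-concatenation pattern next to a hardened version, and applies the same origin check to a reflected URL parameter of the kind described for eSign. The allow-listed character set for layer names, the `esign.example.com` origin and every sample name are assumptions constructed for illustration.

```javascript
// Added example (not Foxit's code): the vulnerable pattern the article describes
// (untrusted name concatenated into markup) next to the hardened pattern
// (validate the input's shape, then encode for the output context).
// All sample names, origins and regexes below are constructed for illustration.

// Encode the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// VULNERABLE: the attachment name lands in the DOM exactly as the PDF author wrote it.
function renderAttachmentRowUnsafe(name) {
  return `<li class="attachment">${name}</li>`;
}

// HARDENED: the same row with the name encoded for an HTML text node.
function renderAttachmentRow(name) {
  return `<li class="attachment">${escapeHtml(name)}</li>`;
}

// Layer names have a predictable shape, so an allow-list check can run before encoding.
// The permitted character set is an assumption for this example, not Foxit's actual rule.
const LAYER_NAME_RE = /^[\p{L}\p{N} _.()\-]{1,64}$/u;
function validateLayerName(name) {
  return typeof name === "string" && LAYER_NAME_RE.test(name) ? name : null;
}

// Render both panels. A rejected layer name is replaced by a fixed placeholder rather
// than echoed back, because echoing the rejected value is itself a reflection point.
// The name is encoded once for the attribute context and once for the text context.
function renderPanels(attachmentNames, layerNames) {
  const attachments = attachmentNames.map(renderAttachmentRow).join("");
  const layers = layerNames
    .map((n) => validateLayerName(n) ?? "(invalid layer name)")
    .map((n) => `<li class="layer" data-name="${escapeHtml(n)}">${escapeHtml(n)}</li>`)
    .join("");
  return `<ul id="attachments">${attachments}</ul><ul id="layers">${layers}</ul>`;
}

// URL-parameter context: a parameter reflected into a link or redirect is resolved
// against the application's own origin and must stay on it. This rejects javascript:
// URLs (origin "null"), protocol-relative URLs and foreign hosts in one check.
function safeRedirectTarget(param, allowedOrigin) {
  let url;
  try {
    url = new URL(param, allowedOrigin);
  } catch {
    return null;
  }
  return url.origin === allowedOrigin ? url.href : null;
}

// Constructed sample inputs of the kind the article describes: a crafted attachment
// name carrying markup and a layer name trying to break out of an attribute.
const SAMPLE_ATTACHMENTS = ["quarterly-report.pdf", "<script>x()</script>.pdf"];
const SAMPLE_LAYERS = ["Layer 1", 'Background" onmouseover="x()'];
const APP_ORIGIN = "https://esign.example.com"; // assumed origin for the example

console.log("unsafe:", renderAttachmentRowUnsafe(SAMPLE_ATTACHMENTS[1]));
console.log("safe:  ", renderPanels(SAMPLE_ATTACHMENTS, SAMPLE_LAYERS));
console.log("redirect ok:      ", safeRedirectTarget("/sign?doc=42", APP_ORIGIN));
console.log("redirect rejected:", safeRedirectTarget("javascript:void(0)", APP_ORIGIN));
```

The two halves of the fix are deliberately separate: validation (the allow-list regex, the origin check) shrinks the input space, while encoding makes whatever survives inert in the exact context it is written into. Either one alone leaves gaps; an attachment filename cannot reasonably be allow-listed, so it relies entirely on encoding, whereas a redirect target cannot be made safe by encoding alone and relies on the origin check.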
Source: https://cyberpress.org/foxit-pdf-editor-vulnerability/
Foxit cybersecurity rating report: https://www.rankiteo.com/company/foxit-corporation
{
  "id": "FOX1770167007",
  "linkid": "foxit-corporation",
  "type": "Vulnerability",
  "date": "2/2026",
  "severity": "50",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'industry': 'Software',
'name': 'Foxit Software',
'type': 'Company'}],
'attack_vector': ['Crafted file attachments', 'Layer names', 'URL parameters'],
'data_breach': {'data_exfiltration': 'Possible',
'file_types_exposed': ['PDF'],
'type_of_data_compromised': ['Session tokens',
'Cross-domain data']},
'date_resolved': '2026-02-03',
'description': 'Foxit Software has addressed multiple cross-site scripting '
'(XSS) vulnerabilities in its Foxit PDF Editor Cloud and Foxit '
'eSign platforms, mitigating risks of arbitrary JavaScript '
'execution in user browsers. The flaws, stemming from '
'insufficient input validation and improper output encoding, '
'could allow attackers to inject malicious scripts via crafted '
'file attachments, layer names, or URL parameters.',
'impact': {'data_compromised': ['Session token theft',
'Data exfiltration',
'Cross-domain data theft'],
'systems_affected': ['Foxit PDF Editor Cloud', 'Foxit eSign']},
'post_incident_analysis': {'corrective_actions': ['Stricter input validation',
'Output encoding'],
'root_causes': ['Insufficient input validation',
'Improper output encoding']},
'recommendations': 'Verify systems are running the latest versions of Foxit '
'PDF Editor Cloud and Foxit eSign. Report vulnerabilities '
'via security-ml@foxit.com.',
'references': [{'source': 'Foxit Security Advisory Page',
'url': 'https://www.foxit.com/security-advisories'}],
'response': {'communication_strategy': 'Security advisories published on '
"Foxit's security advisory page",
'containment_measures': 'Stricter input validation and output '
'encoding',
'recovery_measures': 'Updates deployed automatically',
'remediation_measures': 'Patches released for Foxit PDF Editor '
'Cloud (February 3, 2026) and Foxit '
'eSign (January 15, 2026)'},
'title': 'Foxit Patches Critical XSS Vulnerabilities in PDF Editor Cloud and '
'eSign',
'type': 'Cross-Site Scripting (XSS)',
'vulnerability_exploited': ['Insufficient input validation',
'Improper output encoding']}