CVE-2026-1591

{"id": "CVE-2026-1591", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "14984358-7092-470d-8f34-ade47a7658a2", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2026-02-03T08:16:14.900", "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "tags": ["Vendor Advisory"], "source": "14984358-7092-470d-8f34-ade47a7658a2"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "14984358-7092-470d-8f34-ade47a7658a2", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.\n\nThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103."}, {"lang": "es", "value": "Foxit PDF Editor Cloud (pdfonline) contiene una vulnerabilidad de cross-site scripting almacenado en la funci\u00f3n de carga de archivos. Un nombre de usuario malicioso se incrusta en la lista de archivos cargados sin el escape adecuado, permitiendo la ejecuci\u00f3n arbitraria de JavaScript cuando se muestra la lista.\n\nEste problema afecta a pdfonline.foxit.com: antes del 03-02-2026."}], "lastModified": "2026-02-18T16:08:22.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C22F83B5-EAE7-4F85-A1DA-48617FB7E718", "versionEndExcluding": "2026-02-03"}], "operator": "OR"}]}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2"}