CVE-2026-1592

{"id": "CVE-2026-1592", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "14984358-7092-470d-8f34-ade47a7658a2", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2026-02-03T08:16:15.043", "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "tags": ["Vendor Advisory"], "source": "14984358-7092-470d-8f34-ade47a7658a2"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "14984358-7092-470d-8f34-ade47a7658a2", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.\n\nThis issue affects pdfonline.foxit.com: before 2026\u201102\u201103."}, {"lang": "es", "value": "Foxit PDF Editor Cloud (pdfonline) contiene una vulnerabilidad de cross-site scripting almacenada en la funci\u00f3n 'Crear nueva capa'. La entrada de usuario no saneada se incrusta en la salida HTML, permitiendo la ejecuci\u00f3n arbitraria de JavaScript cuando se hace referencia a la capa.\n\nEste problema afecta a pdfonline.foxit.com: antes del 2026?02?03."}], "lastModified": "2026-02-18T16:08:28.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C22F83B5-EAE7-4F85-A1DA-48617FB7E718", "versionEndExcluding": "2026-02-03"}], "operator": "OR"}]}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2"}