:novee-gym: Elite AI hackers aren’t born. They’re trained.

Step into the gym at Black Hat 2026.

:novee-gym: Elite AI hackers aren’t born. They’re trained.

Step into the gym at Black Hat 2026.
MEDIUM

CVE-2026-1591 - Stored XSS via Attachments Feature

Discovered By Novee Agent Published on 18 Feb, 2026

Affected Component

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

< Back to vulnerabilities