Foxit PDF Editor Vulnerabilities Enable Arbitrary JavaScript Execution

Foxit PDF Editor Vulnerabilities Enable Arbitrary JavaScript Execution

First seen 3 Feb 2026, 20:27 UTC CyberpressCybersecuritynewsThecyberexpress 86% similarity 29.9

Article Content

Browse articles
ThreatCluster

Critical cross-site scripting (XSS) vulnerabilities were identified in Foxit PDF Editor Cloud, allowing attackers to execute arbitrary JavaScript code in users’ browsers. The vulnerabilities stem from insufficient input validation and improper output encoding in the application's File Attachments list and Layers panel, potentially leading to privilege escalation and cross-domain data theft. Foxit has responded by implementing comprehensive input validation.

ThreatCluster AI

Community

Browse all →