Foxit Software has released security updates addressing multiple cross-site scripting (XSS) vulnerabilities affecting Foxit PDF Editor Cloud and Foxit eSign, closing gaps that could have allowed attackers to execute arbitrary JavaScript within a user’s browser. The patches were issued as part of Foxit’s ongoing security and stability improvements, with the most recent update for Foxit PDF Editor Cloud released on February 3, 2026. 

The vulnerabilities stem from weaknesses in input validation and output encoding within specific features of Foxit PDF Editor Cloud. According to Foxit’s official advisory, attackers could exploit these flaws when users interacted with specially crafted file at...