Loading market data...
← Back to CVE feed

CVE-2026-53737

MEDIUM CVSS 6.1 View on NVD ↗

Description

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Published: Jun 10, 2026 22:17 UTC Modified: Jun 11, 2026 15:22 UTC