CVE Catalog

CVE-2026-53737

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.

Risk Assessment

This vulnerability could lead to the execution of malicious code in the administrator's browser, posing a risk of system takeover or data theft.

Recommendation

It is recommended to update Juicer to the latest version that fixes this vulnerability and to implement appropriate security measures to filter data from remote sources.

Original NVD description (English source)

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS