CVE-2026-53737 · EPSS p5.3%

Description

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.

Scoring

CVSS: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.16% probability of exploitation · percentile 5.3% · 2026-06-18T12:00:27Z
Last modified: 2026-06-11

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-35466
CVE: JQuery Cross-Site Scripting (XSS) Vulnerability
CVE: CVE-2026-53742
CVE: CVE-2026-37700
CVE: CVE-2025-58173
CVE: CVE-2026-9646
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.