← voltar
CVE-2026-53737

Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

CVSS 5.3 MEDIUMEPSS 0.2%CWE-79
Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
saas.group · Juicer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wordpress.org/plugins/juicer/https://www.vulncheck.com/advisories/juicer-through-stored-cross-site-scripting-via-unescaped-api-response