PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54195 Jetmonsters CVE debrief

CVE-2026-54195 is a HIGH severity vulnerability in JetFormBuilder versions <= 3.6.0.1. It allows unauthenticated Cross Site Scripting (XSS) attacks. The CVSS score is 7.1. The vulnerability was published on 2026-06-17T13:20:50.820Z and last modified on 2026-06-17T17:17:26.393Z. Users of affected versions should take immediate action to mitigate the risk.

Vendor
Jetmonsters
Product
JetFormBuilder
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators and users of JetFormBuilder versions <= 3.6.0.1 should be aware of this vulnerability and take steps to upgrade or mitigate the risk. Web application security teams and cybersecurity professionals should also be aware of this vulnerability and monitor for potential attacks.

Technical summary

CVE-2026-54195 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in JetFormBuilder versions <= 3.6.0.1. The vulnerability has a CVSS score of 7.1 and can be exploited without authentication. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The weakness is classified as CWE-79.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade JetFormBuilder to a version greater than 3.6.0.1
  • Implement additional security measures such as input validation and output encoding
  • Monitor for potential attacks and suspicious activity
  • Consider using a web application firewall (WAF) to detect and prevent attacks
  • Keep software and plugins up to date
  • Perform regular security audits and vulnerability assessments

Evidence notes

The vulnerability was reported by Patchstack and is listed in the NVD database. The CVE record and NVD detail pages provide additional information about the vulnerability.

Official resources

public