MEDIUM
saas.group
CVE published 2026-06-10
CVE-2026-53737
CVE-2026-53737 is a stored cross-site scripting (XSS) vulnerability in Juicer through version 1.12.18. The vulnerability occurs because the application fails to escape remote feed API response fields before rendering them on the admin settings page. This allows attackers controlling the connected feed data to inject malicious script that executes in an administrator's browser when the settings page loads. [truncated]