What is CVE-2026-53737?

CVE-2026-53737 is a medium-severity vulnerability, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2026-06-10.

How severe is CVE-2026-53737?

Medium severity. CVSS v3 base score is 6.1 out of 10.

CVE-2026-53737

CVE-2026-53737

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the s…

Vulnerability class: XSS (Cross-Site Scripting)

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

disclosure@vulncheck.com
disclosure@vulncheck.com

Frequently asked questions

What is CVE-2026-53737?: CVE-2026-53737 is a medium-severity vulnerability, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2026-06-10.
How severe is CVE-2026-53737?: Medium severity. CVSS v3 base score is 6.1 out of 10.