Medium CVE-2026-53737 Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads. CVSS: 6.1 · CWE:...

#Sicherheitslücke #Browser

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[Medium] CVE-2026-53737 – Juicer through 1.12.18 fails to escape remote feed API response fields before re...

VERWANDTEARTIKEL

CVE-2026-42908

CVE-2026-45639

CVE-2026-46695 - BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

CVE-2026-46703 - BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host

CVE-2026-42305 - Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

[High] CVE-2026-53738 – Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke ...