GHSA-59cg-pg2j-hj7mMediumCVSS 6.1

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on...

Published
June 11, 2026
Last Modified
June 11, 2026

🔗 CVE IDs covered (1)

📋 Description

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.

🔗 References (4)