Lucene search
K

49 matches found

Cvelist
Cvelist
added 2026/06/15 7:18 p.m.25 views

CVE-2026-48518 MultiJuicer: Login CSRF allows attacker to force victims into their team

MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...

4.3CVSS0.00172EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 7:18 p.m.7 views

CVE-2026-48518

Affected software: MultiJuicer (versions 8.0.0–10.0.0) running on a central Kubernetes deployment. Vulnerability: CSRF in the team join endpoint (POST /multi-juicer/api/teams/{team}/join) that accepts any Content-Type, bypassing CORS preflight and enabling a cross-site form to force a victim to j...

4.3CVSS5.2AI score0.00172EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49470

Name of the Vulnerable Software and Affected Versions MultiJuicer versions 8.0.0 through 10.0.0 Description The team join endpoint 'POST /multi-juicer/api/teams/team/join' accepts requests with any Content-Type, including text/plain. Since this content type does not trigger a Cross-Origin Resourc...

4.3CVSS5.8AI score0.00172EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2026-36138

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1CVSS5.5AI score0.00158EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-53737

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1CVSS0.00158EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.7 views

CVE-2026-53737 Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1CVSS5.5AI score0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.30 views

CVE-2026-53737 Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1CVSS0.00158EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.22 views

CVE-2026-53737

CVE-2026-53737 affects Juicer (through 1.12.18). The vulnerability is a Stored Cross-Site Scripting (XSS) due to unescaped remote feed API response fields on the admin settings page; when the page loads, an attacker controlling the connected feed data can inject script that runs in an administrat...

6.1CVSS5.5AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

WordPress plugin Juicer 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1CVSS5.3AI score0.00158EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48551

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...

6.1CVSS5.5AI score0.00158EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.7 views

WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Internal Link Juicer: SEO Auto Linker for WordPress versions = 2.24.6...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-36898

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-12261

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-16449

Malicious code in bioql PyPI...

4.8CVSS6.3AI score0.00301EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in juicer-plugin (npm)

The package juicer-plugin was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-23993 Malicious code in juicer-plugin (npm)

The package juicer-plugin was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:7 a.m.5 views

CVE-2024-37941

Cross-Site Request Forgery CSRF vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3...

4.3CVSS7AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:25 a.m.9 views

CVE-2024-0657

The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'iljsettingsfieldlinksperpage' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes i...

4.8CVSS5.7AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.3 views

CVE-2023-0172

The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References1
NVD
NVD
added 2024/07/12 2:15 p.m.17 views

CVE-2024-37941

Cross-Site Request Forgery CSRF vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3...

4.3CVSS0.00183EPSS
Exploits0References1
Rows per page
Query Builder