CVE-2025-28976

Name of the Vulnerable Software and Affected Versions: Email Address Security by WebEmailProtector versions n/a through 3.3.6

Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scripts into the website, which can then be executed by other users.

Recommendations: For versions n/a through 3.3.6, update to a version later than 3.3.6 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the website. Avoid using the vulnerable component until a patch is available. At the moment, there is no information about additional mitigation measures.