CVE-2025-49912

Name of the Vulnerable Software and Affected Versions Nks Email Subscription Popup versions through 1.2.26

Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on the server and executed by other users when they view the affected web page. The vulnerability exists in the email-subscribe component.

Recommendations Update to a version later than 1.2.26.