PT-2025-4889 · Unknown · Emailshroud

Soprobro · Published 2025-01-16 · Updated 2025-05-26 · CVE-2025-23456

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

EmailShroud versions prior to 2.2.1
EmailShroud version 2.2.1

Description

The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also inject malicious code that will be executed by the user's browser.

Recommendations

For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue.
For version 2.2.1, consider disabling any functionality that may be related to the CSRF vulnerability until a patch is available.

Fix

RCE

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-23456

Affected Products

Emailshroud