CVE-2025-23593

Name of the Vulnerable Software and Affected Versions EmailPress versions n/a through 1.0

Description The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This means an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page.

Recommendations For versions n/a through 1.0, consider disabling any functionality that generates web pages based on user input until a proper fix is applied, to minimize the risk of reflected XSS attacks. Restrict access to any modules or functions involved in web page generation to reduce the potential for exploitation. Avoid using user-supplied input in sensitive API endpoints, such as /api/v1/login or /users/{id}, until the issue is resolved.