CVE-2025-23599
Published: 03 February 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aarvansh Infotech eMarksheet emarksheet allows Reflected XSS. This issue affects eMarksheet: from n/a through <= 5.4.3.
Security Summary
CVE-2025-23599 is an Improper Neutralization of Input During Web Page Generation vulnerability that enables Reflected Cross-site Scripting (XSS), classified under CWE-79. It affects the eMarksheet WordPress plugin developed by Aarvansh Infotech, in all versions up to and including 5.4.3.
The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). Remote attackers require no privileges and can exploit it over the network with low complexity by tricking users into performing an action, such as clicking a malicious link containing a reflected payload. Successful exploitation executes arbitrary scripts in the victim's browser context, potentially leading to low impacts on confidentiality, integrity, and availability, with scope change allowing effects beyond the vulnerable component, such as session-based attacks.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/emarksheet/vulnerability/wordpress-emarksheet-plugin-5-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve documents the Reflected XSS issue in the eMarksheet WordPress plugin.
Details
- CWE(s)