The vulnerability identified as CVE-2024-27960 affects the Email Subscription Popup product by I Thirteen Web Solution. It is a stored cross-site scripting (CWE-79) issue caused by improper input neutralization during web page generation. This flaw allows attackers to inject malicious scripts that persist within the application, potentially impacting confidentiality, integrity, and availability. The CVSS 3.1 base score is 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope change. No patch or official remediation level has been provided by the vendor as of the publication date.

Successful exploitation of this stored XSS vulnerability can allow attackers to execute arbitrary scripts in the context of users' browsers interacting with the vulnerable Email Subscription Popup. This can lead to partial compromise of confidentiality (e.g., theft of cookies or session tokens), integrity (e.g., manipulation of displayed content), and availability (e.g., script-based denial of service). The CVSS vector indicates a high impact on confidentiality, integrity, and availability, but exploitation requires user interaction.

No official patch or remediation guidance is currently available from the vendor. Users should monitor the vendor's advisories for updates regarding fixes. Until a patch is released, consider disabling or removing the vulnerable Email Subscription Popup plugin if feasible. Implementing web application firewalls (WAFs) that can detect and block XSS payloads may provide temporary mitigation. Avoid relying on generic security measures unless directly applicable to this vulnerability.