This vulnerability involves improper neutralization of input in the Secure Copy Content Protection and Content Locking product by Ays Pro, specifically in the 'secure-copy-content-protection-subscribe-to-view' functionality. It allows an attacker to inject and store malicious scripts (Stored XSS), which may execute in the context of users viewing the affected pages. The CVSS 3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. The affected versions include all versions up to 4.2.3. No patch or official fix information is currently available.

Successful exploitation of this Stored XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of users accessing the vulnerable component, potentially leading to partial disclosure of sensitive information, modification of data, or disruption of service. The CVSS vector indicates impacts on confidentiality, integrity, and availability, though the exact scope depends on the context of exploitation. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying input validation or output encoding workarounds if feasible. Monitor vendor communications for updates on patches or official mitigations.