The vulnerability CVE-2025-23733 in sayoko SC Simple Zazzle is a reflected cross-site scripting (XSS) issue caused by improper input neutralization during web page generation. It affects all versions up to 1.1.6. The CVSS v3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability allows an attacker to execute arbitrary scripts in the context of the victim's browser session when they visit a crafted URL. This can lead to partial compromise of confidentiality (e.g., theft of sensitive information), integrity (e.g., manipulation of displayed content), and availability (e.g., disruption of service) of the affected web application for the user. There is no evidence of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying web application firewall (WAF) rules to detect and block reflected XSS attempts or implement input validation and output encoding as temporary mitigations if possible. Monitor vendor channels for updates and patches.