This vulnerability (CVE-2024-30530) is a stored cross-site scripting (CWE-79) issue in the Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. It arises from improper neutralization of input during web page generation, allowing malicious scripts to be stored and executed when viewed by users. The affected product versions include all versions up to 5.1. The CVSS 3.1 base score is 6.5, with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating network attack vector, low attack complexity, requiring low privileges and user interaction, with scope changed and low impact on confidentiality, integrity, and availability. No patch or official remediation guidance is currently available from the vendor, and no exploits have been observed in the wild.

Successful exploitation of this stored XSS vulnerability could allow an attacker with low privileges and requiring user interaction to execute arbitrary scripts in the context of the affected application. This may lead to partial compromise of confidentiality, integrity, and availability of the application or user data. The scope is changed, meaning the vulnerability affects components beyond the initially vulnerable component. However, no known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor for vendor updates. Until a patch is available, consider applying input validation or output encoding workarounds if feasible. Avoid exposing the vulnerable application to untrusted users or inputs where possible.