CVE-2024-33571 describes a cross-site scripting vulnerability in the VOD Infomaniak product by Infomaniak Network, affecting versions up to 1.5.6. The vulnerability is caused by improper neutralization of input during the generation of web pages, allowing attackers to inject and execute malicious scripts. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability. No patch or official remediation information is provided in the available data.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to information disclosure, modification of data, or denial of service. The CVSS vector indicates that the attack can be performed remotely without privileges but requires user interaction. The scope change suggests that the vulnerability affects components beyond the initially vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when interacting with the affected application and consider implementing web application firewall (WAF) rules to detect and block potential XSS payloads. Monitor vendor communications for updates on patches or official mitigations.