CVE-2024-35644 describes a DOM-based Cross-site Scripting (XSS) vulnerability in the Pascal Birchler Preferred Languages product, affecting versions up to 2.2.2. The root cause is improper neutralization of input during web page generation, classified under CWE-79. The vulnerability has a CVSS 3.1 base score of 5.9, indicating a medium severity with network attack vector, low attack complexity, requiring high privileges and user interaction, and impacts confidentiality, integrity, and availability to a limited extent. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability could allow an attacker with high privileges and requiring user interaction to execute malicious scripts in the context of the affected web application, potentially leading to limited disclosure of information, modification of data, or disruption of service. However, no known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with input handling and consider applying any available workarounds or mitigations recommended by the vendor once published.