This vulnerability (CVE-2024-37480) affects Apollo13Themes Apollo13 Framework Extensions versions up to 1.9.3 and is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It allows stored cross-site scripting (XSS), where malicious input is not properly sanitized before being rendered in web pages. The CVSS 3.1 vector indicates the attack requires network access, low attack complexity, low privileges, and user interaction, with impacts on confidentiality, integrity, and availability at a low level. No patch or official remediation level has been published by the vendor as of the data provided.

Successful exploitation could allow an attacker with low privileges to inject malicious scripts that execute in the context of other users' browsers, potentially leading to information disclosure, modification of data, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting input sources, applying web application firewalls with XSS protections, and limiting user privileges to reduce risk. Monitor vendor channels for updates and apply patches promptly once available.