This vulnerability in Nextbricks Brickscore involves improper input sanitization leading to stored XSS (CWE-79). An attacker can inject malicious scripts that are stored by the application and later executed in the context of other users' browsers. The issue affects Brickscore versions through 1.4.2.5. The CVSS 3.1 base score is 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. No patch or official remediation level has been published by the vendor as of the data provided.

Successful exploitation of this stored XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of affected users, potentially leading to theft of sensitive information, session hijacking, or other malicious actions impacting confidentiality, integrity, and availability. However, no known exploits are currently reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying input validation and output encoding controls where possible as a temporary mitigation. Monitor vendor communications for updates on patches or official mitigations.