This vulnerability (CVE-2024-44053) involves improper neutralization of input in the Opor Ayam application, leading to reflected Cross-site Scripting (CWE-79). An attacker can craft malicious input that is reflected in the web page response without proper sanitization, potentially executing arbitrary scripts in the context of the victim's browser. The affected product versions include all versions up to 1.8. The CVSS v3.1 base score is 7.1, with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability. There is no vendor advisory or patch information available, and the product is not a cloud service.

Successful exploitation of this reflected XSS vulnerability can allow attackers to execute arbitrary scripts in the context of users' browsers, potentially leading to session hijacking, defacement, or redirection to malicious sites. The CVSS score reflects low to moderate impact on confidentiality, integrity, and availability. No known active exploits have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying input validation and output encoding on all user-supplied data in the application. Employing web application firewalls (WAFs) that detect and block reflected XSS attempts may provide temporary mitigation. Monitor vendor channels for updates and patches.