This vulnerability in livemesh Livemesh Addons for Elementor is caused by improper input sanitization during the generation of web pages, leading to Cross-Site Scripting (XSS). It affects all versions up to 8.5. The CVSS vector indicates that the attack can be performed remotely over the network with low complexity and requires some user interaction. The vulnerability impacts confidentiality, integrity, and availability to a limited extent. No official patch or remediation guidance is currently available from the vendor or other authoritative sources.

Successful exploitation of this XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to limited disclosure of information, manipulation of web content, or disruption of service. The attack requires low privileges and user interaction, which somewhat limits the risk. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting exposure by restricting access to the affected plugin and monitoring for suspicious activity. Avoid enabling untrusted user input that could trigger the vulnerability. Do not rely on generic mitigations unless specifically recommended by the vendor.