CVE-2024-47348 is a reflected Cross-site Scripting vulnerability in YellowPencil Visual CSS Style Editor (versions up to 7.6.4). It results from improper input neutralization during web page generation, enabling attackers to inject malicious scripts that execute in users' browsers. The vulnerability has a CVSS 3.1 base score of 7.1, reflecting a network-exploitable issue with low complexity and requiring user interaction. No patch or official fix information is currently available from the vendor or other sources. The vulnerability does not affect cloud services and no known active exploitation has been reported.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to information disclosure, modification of content, or disruption of availability. The CVSS vector indicates impacts on confidentiality, integrity, and availability, but exploitation requires user interaction. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider limiting exposure by restricting access to the affected plugin or disabling it if feasible. Monitor official YellowPencil advisories for updates and apply any official fixes promptly once released.