The EzyOnlineBookings Online Booking System Widget versions up to 1.3 contain a DOM-based XSS vulnerability due to improper input neutralization during web page generation. This allows an attacker with low privileges and requiring user interaction to execute scripts that can impact confidentiality, integrity, and availability to a limited extent. The vulnerability is network exploitable and affects the client-side processing of input data.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to limited disclosure of information, modification of data, or disruption of service. The impact is rated as medium severity based on the CVSS score of 6.5, reflecting limited but non-negligible consequences.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should apply standard XSS mitigations such as input validation and output encoding where possible. Monitor vendor communications for updates regarding patches or official fixes.