This vulnerability in PropertyShift allows reflected XSS due to improper input neutralization during web page generation. It affects all versions up to 1.0.0. The CVSS 3.1 score is 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. No patch or official remediation guidance is currently provided, and the product is not a cloud service.

Successful exploitation of this reflected XSS vulnerability can allow attackers to execute arbitrary scripts in the context of the victim's browser session, potentially leading to partial disclosure of sensitive information, modification of data, or disruption of service. The CVSS vector indicates that the attack can be performed remotely without privileges but requires user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should exercise caution with untrusted input and consider implementing web application firewall (WAF) rules or input validation as temporary mitigations. Monitor official channels for updates from the vendor.