CVE-2024-51826 describes a DOM-based Cross-site Scripting vulnerability in Jandal Bitcoin Payments up to version 1.4.2. The issue arises from improper neutralization of input during web page generation, allowing malicious scripts to be executed in the victim's browser. The vulnerability requires network access, low attack complexity, limited privileges, and user interaction. The CVSS score is 6.5 (medium severity), reflecting limited but notable impact on confidentiality, integrity, and availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to information disclosure, manipulation of application data, or disruption of service. The impact is limited by the requirement for user interaction and the need for the attacker to have low privileges. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with untrusted input and consider implementing additional input validation or content security policies to mitigate DOM-based XSS risks. Monitor vendor communications for updates on patches or official mitigations.