This vulnerability in Fintelligence Calculator (<= 1.0.3) involves improper input sanitization that enables stored cross-site scripting attacks. An attacker can inject malicious scripts that persist on the application and execute in the context of other users' browsers, potentially leading to data disclosure, modification, or denial of service. The CVSS vector indicates network attack vector, low attack complexity, low privileges required, and user interaction needed, with a scope change and partial impact on confidentiality, integrity, and availability.

Successful exploitation can lead to execution of arbitrary scripts in the victim's browser, potentially resulting in theft of sensitive information, session hijacking, or disruption of application availability. The vulnerability affects confidentiality, integrity, and availability to a limited extent as indicated by the CVSS impact metrics. No active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should apply standard XSS mitigations such as input validation and output encoding where possible. Monitor vendor communications for updates on patches or official workarounds.