This vulnerability in SendPulse Email Marketing Newsletter (<= 2.1.5) involves improper input sanitization leading to stored cross-site scripting (XSS). An attacker could inject malicious scripts that are stored and later executed when users access the affected web pages. The CVSS vector indicates the attack requires network access, low attack complexity, privileges, and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low to low respectively. No patch or official fix information is provided in the available data.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users interacting with the affected SendPulse Email Marketing Newsletter interface. This may lead to information disclosure, session hijacking, or other client-side impacts. The overall impact is rated medium severity based on the CVSS score of 6.5. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with input handling and consider applying any available workarounds or input validation controls. Monitor vendor channels for updates regarding patches or mitigations.