This vulnerability involves improper neutralization of input during web page generation in Navigation Du Lapin Blanc, resulting in a DOM-based XSS issue. It affects all versions up to 1.1.1. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) indicates that the attack can be performed remotely over the network with low attack complexity, requires low privileges and user interaction, and can lead to partial confidentiality, integrity, and availability impacts with scope change.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of information, modification of data, and disruption of availability. The scope change in the CVSS vector suggests the vulnerability may affect components beyond the initially vulnerable scope.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying input validation or output encoding workarounds if feasible. Monitor vendor communications for updates on patches or official mitigations.