This vulnerability (CVE-2025-23521) affects GoodLayers Goodlayers Blocks up to version 1.0.1 and involves improper neutralization of input during web page generation, resulting in a reflected cross-site scripting (XSS) flaw. The CVSS 3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. The vulnerability allows an attacker to inject malicious scripts that execute in the victim's browser when they visit a crafted URL or page. No patch or official vendor advisory is currently available, and the product is not a cloud service.

Successful exploitation of this reflected XSS vulnerability can lead to limited confidentiality, integrity, and availability impacts by executing arbitrary scripts in the context of the victim's browser. This could allow attackers to steal sensitive information, manipulate web content, or disrupt user sessions. However, no known exploits in the wild have been reported at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when interacting with untrusted input or links related to GoodLayers Goodlayers Blocks. Monitor vendor channels for updates and apply patches promptly once released.