This vulnerability in Jakub Glos Off Page SEO plugin (versions ≤ 3.0.3) involves improper neutralization of input during web page generation, resulting in a reflected cross-site scripting (XSS) flaw. An attacker can craft malicious input that is reflected in the web page without proper sanitization, potentially executing arbitrary scripts in the victim's browser. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability at a low level.

Successful exploitation of this reflected XSS vulnerability can allow attackers to execute arbitrary scripts in the context of the victim's browser session. This may lead to limited disclosure of sensitive information, modification of web page content, or disruption of availability. The CVSS score of 7.1 reflects a high severity with impacts on confidentiality, integrity, and availability, but exploitation requires user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch links are provided at this time. Until a patch is available, users should consider applying input validation or sanitization controls where possible and avoid exposing the vulnerable plugin to untrusted input. Monitor vendor channels for updates.