This vulnerability in the Nested Pages plugin by Kyle Phillips allows an attacker with high privileges and requiring user interaction to inject and store malicious scripts via improperly sanitized input during page generation. The stored XSS can lead to limited confidentiality, integrity, and availability impacts as indicated by the CVSS vector (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). The affected versions include all versions up to 3.2.9. No patch or fix information is provided in the available data.

Successful exploitation could allow an attacker with high privileges to execute arbitrary scripts in the context of the affected site, potentially leading to limited data disclosure, modification, or disruption of service. The vulnerability requires user interaction and privileges, which reduces the overall risk. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict high-privilege user access and be cautious with user interactions that could trigger the vulnerability. Monitor vendor channels for updates regarding patches or mitigations.