This vulnerability in reverbnationdev's ReverbNation Widgets (<= 2.1) involves improper input sanitization during web page generation, leading to stored cross-site scripting (XSS). An attacker could inject malicious scripts that persist and execute in the context of users visiting affected pages. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) indicates network attack vector, low attack complexity, requiring low privileges and user interaction, with a scope change and low impact on confidentiality, integrity, and availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of affected users, potentially leading to information disclosure, session hijacking, or other client-side impacts. The vulnerability affects confidentiality, integrity, and availability to a low degree. No known exploits in the wild have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor communications for updates. Until a fix is available, consider limiting exposure by restricting widget usage or sanitizing inputs where possible.