This vulnerability in Muneeb Mobile rocket-wp-mobile (versions <= 1.3.3) involves improper neutralization of input during web page generation, resulting in a reflected cross-site scripting (XSS) flaw. An attacker can craft malicious input that is reflected in web pages without proper sanitization, potentially executing arbitrary scripts in the victim's browser. The CVSS 3.1 base score is 7.1 (high), with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability at low to low levels.

Successful exploitation of this vulnerability can allow attackers to execute arbitrary scripts in the context of the affected web application, potentially leading to information disclosure, modification of data, or disruption of service. The reflected XSS nature requires user interaction to trigger the attack. The overall impact is rated as high severity based on CVSS 3.1 scoring.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with untrusted input and consider implementing web application firewall (WAF) rules to detect and block reflected XSS attempts. Monitor vendor communications for updates and patches.