This vulnerability in GhozyLab Popup Builder (<= 1.1.33) involves improper input sanitization leading to stored cross-site scripting (XSS). An attacker could inject malicious scripts that are stored and later executed in the context of users viewing the affected popup content. The CVSS 3.1 vector indicates network attack vector, low attack complexity, requiring privileges and user interaction, with impact on confidentiality, integrity, and availability rated as low to low to low respectively. No patch or vendor advisory is currently available.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users interacting with the vulnerable popup, potentially leading to information disclosure, session hijacking, or other client-side impacts. The overall impact is rated medium based on the CVSS score. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or limiting use of the affected Popup Builder versions. Implementing web application firewall (WAF) rules to detect and block XSS payloads may provide temporary mitigation. Avoid relying on generic security measures unrelated to this specific vulnerability.