The afzal_du Reactive Mortgage Calculator versions up to 1.1 suffer from a stored cross-site scripting vulnerability due to improper input neutralization during web page generation. This allows attackers with some level of privileges (PR:L) and requiring user interaction (UI:R) to inject malicious scripts that can affect confidentiality, integrity, and availability to a limited extent. The vulnerability is network exploitable with low attack complexity and impacts multiple security properties (confidentiality, integrity, availability).

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to limited disclosure of information, modification of data, or disruption of service. The CVSS score of 6.5 indicates a medium impact level. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor for vendor updates. Until a fix is available, consider restricting user input or employing web application firewalls to detect and block XSS payloads related to this product.