This vulnerability in CozyThemes Cozy Blocks cozy-addons (versions ≤ 2.1.6) involves improper neutralization of input during web page generation, leading to stored cross-site scripting (XSS). An attacker with low privileges and requiring user interaction can exploit this to execute arbitrary scripts in the context of other users, potentially impacting confidentiality, integrity, and availability of the affected system. The CVSS 3.1 vector indicates network attack vector, low attack complexity, privileges required, user interaction required, and scope changed.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of other users, potentially leading to information disclosure, modification of data, or disruption of service. The impact affects confidentiality, integrity, and availability at a low level each, consistent with the CVSS score of 6.5 (medium severity). No known exploits in the wild have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should apply standard defenses against XSS such as input validation and output encoding where possible. Monitor vendor channels for updates or patches addressing this vulnerability.