The Simplebooklet PDF Viewer and Embedder up to version 1.1.1 contains a stored cross-site scripting vulnerability due to improper input neutralization during web page generation. This allows an attacker with low privileges and the ability to trick a user into interacting with malicious content to execute arbitrary scripts within the application context. The vulnerability affects confidentiality, integrity, and availability at a limited level as reflected by the CVSS 3.1 vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L and a score of 6.5. No patch or official remediation guidance has been provided yet, and no exploits are known in the wild.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to limited disclosure of information, modification of data, or disruption of service. The impact is rated medium severity based on the CVSS score of 6.5. However, exploitation requires user interaction and low privileges, which somewhat limits the risk. There are no known active exploits reported at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when handling untrusted input in the Simplebooklet PDF Viewer and Embedder and consider restricting access to trusted users only. Monitor vendor channels for updates and apply patches promptly once released.