The Webliberty Simple Spoiler plugin (version ≤ 1.4) suffers from a stored cross-site scripting vulnerability due to improper input neutralization during web page generation. This flaw allows an attacker with low privileges to inject malicious scripts that execute in the context of other users, potentially leading to partial compromise of confidentiality, integrity, and availability. The vulnerability requires user interaction and has a CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). No patch or vendor advisory is currently provided, and no known exploits have been reported.

Successful exploitation can lead to stored XSS attacks, enabling attackers to execute arbitrary scripts in the context of other users, potentially resulting in partial disclosure of sensitive information, modification of data, or disruption of service. The vulnerability affects confidentiality, integrity, and availability to a limited extent. However, exploitation requires user interaction and low privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with input handling and consider disabling or restricting use of the Simple Spoiler plugin. Monitor for vendor updates and apply patches promptly once released.