This vulnerability in NotFound Bridge Core is classified as CWE-79, indicating improper neutralization of input during web page generation that leads to stored XSS. An attacker could inject malicious scripts that are stored by the application and later executed in the context of other users' browsers. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) indicates network attack vector, low attack complexity, requires low privileges and user interaction, with scope changed and impacts on confidentiality, integrity, and availability at a low level. No patch or official remediation guidance is currently available.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of affected users, potentially leading to information disclosure, modification of data, or disruption of service. The impact is rated as medium severity based on the CVSS score and vector, reflecting limited but meaningful confidentiality, integrity, and availability impacts. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should apply standard XSS mitigations such as input validation and output encoding where possible. Monitor vendor communications for updates on patches or official mitigations.