This vulnerability (CVE-2025-31442) involves improper neutralization of input in the e1tekoap42 Search engine keywords highlighter, leading to reflected cross-site scripting (XSS). It affects versions up to and including 0.1.3. The flaw allows an attacker to inject malicious scripts that can execute in users' browsers when they interact with the affected component. The CVSS 3.1 base score is 7.1, with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability can lead to execution of arbitrary scripts in the context of the victim's browser, potentially resulting in information disclosure, session hijacking, or other impacts on confidentiality, integrity, and availability as indicated by the CVSS vector. The scope change means the vulnerability can affect resources beyond the initially vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor communications for updates. Until a fix is available, consider applying input validation or output encoding workarounds if feasible, and avoid exposing the vulnerable component to untrusted input where possible.