This vulnerability in CoolHappy Cool Flipbox – Shortcode & Gutenberg Block (versions up to 1.8.3) is a reflected cross-site scripting (XSS) issue caused by improper input neutralization during web page generation. An attacker could exploit this flaw by crafting malicious input that is reflected in the web page output, potentially executing arbitrary scripts in the context of the victim's browser. The CVSS score is 7.1 (high), indicating network attack vector, low attack complexity, no privileges required, user interaction required, and impacts to confidentiality, integrity, and availability. No patch or vendor advisory is currently provided, and no exploits are known in the wild.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of a user's browser, potentially leading to partial disclosure of information, modification of data, or disruption of service. The reflected XSS nature requires user interaction. The CVSS vector indicates a high impact on confidentiality, integrity, and availability, but exploitation is limited by the need for user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider disabling or limiting use of the affected Cool Flipbox plugin versions and apply standard XSS mitigations such as input validation and output encoding where possible. Monitor official CoolHappy communications for updates or fixes.