This vulnerability in EverPress BruteGuard – Brute Force Login Protection (versions <= 0.1.4) involves improper neutralization of input during web page generation, resulting in reflected cross-site scripting (XSS). The CVSS 3.1 score is 7.1 (high), with attack vector network, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability rated low to low and low respectively. The issue allows attackers to inject malicious scripts that execute in the context of the victim's browser.

Successful exploitation can lead to reflected XSS attacks, potentially allowing attackers to execute arbitrary scripts in the context of the victim's browser. This can result in limited confidentiality and integrity loss, such as theft of session tokens or manipulation of displayed content, and limited availability impact. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor communications for updates. In the meantime, consider applying input validation or output encoding workarounds if feasible.