This vulnerability, identified as CWE-79, involves improper input sanitization in the Félix Martínez Recipes manager - WPH software, which permits stored XSS attacks. The flaw affects all versions up to 1.0.4, enabling attackers with high privileges and requiring user interaction to inject malicious scripts that can compromise confidentiality, integrity, and availability to a limited extent. The CVSS 3.1 base score is 5.9, reflecting network attack vector, low attack complexity, high privileges required, user interaction needed, and partial impact on confidentiality, integrity, and availability.

Successful exploitation can lead to execution of malicious scripts in the context of the affected web application, potentially allowing attackers to steal sensitive information, manipulate content, or disrupt availability. The impact is limited by the requirement for high privileges and user interaction. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should apply strict input validation and output encoding where possible and restrict high privilege access to trusted users. Monitor vendor channels for updates regarding patches or official mitigations.