This vulnerability, identified as CWE-79, involves improper neutralization of input during web page generation in the uxper Sala product, resulting in reflected Cross-site Scripting (XSS). The issue affects versions up to 1.1.3 and allows an attacker to inject malicious scripts that are reflected back to users, potentially impacting confidentiality, integrity, and availability. The CVSS 3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. No known exploits in the wild or patch information are currently documented.

Successful exploitation of this vulnerability can lead to execution of arbitrary scripts in the context of the victim's browser, potentially allowing theft of sensitive information, session hijacking, or other malicious actions that impact confidentiality, integrity, and availability to a limited extent. The CVSS vector indicates partial impact on confidentiality, integrity, and availability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying input validation and output encoding controls as temporary mitigations to reduce the risk of reflected XSS. Monitor vendor channels for updates regarding patches or official mitigations.