This vulnerability (CVE-2025-52747) affects Jthemes Themebox - Digital Products Ecommerce up to version 1.4.2 and is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It allows reflected Cross-site Scripting (XSS) attacks, where malicious input is not properly sanitized before being included in web pages, enabling attackers to execute arbitrary scripts in users' browsers. The CVSS 3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. There is no vendor-provided patch or remediation level specified at this time, and no known exploits have been reported in the wild.

Successful exploitation of this vulnerability can allow attackers to execute arbitrary scripts in the context of the victim's browser, potentially leading to partial disclosure of sensitive information, modification of web content, or disruption of service. The CVSS score reflects impacts on confidentiality, integrity, and availability, though the exact extent depends on the context of exploitation. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with untrusted input and consider implementing web application firewall (WAF) rules to detect and block reflected XSS attempts. Monitor vendor communications for updates and apply patches promptly once available.