This vulnerability in bdthemes ZoloBlocks (<= 2.3.12) involves improper neutralization of input during web page generation, resulting in a DOM-based Cross-site Scripting (XSS) flaw. An attacker could exploit this to execute arbitrary scripts in the victim's browser, potentially leading to partial compromise of confidentiality, integrity, and availability. The CVSS 3.1 score is 6.5 (medium severity), with network attack vector, low complexity, requiring privileges and user interaction, and scope change. No patch or official remediation guidance is currently provided.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of a user's browser, potentially leading to partial disclosure of information, modification of data, or disruption of service. The impact is rated medium based on the CVSS score and vector, reflecting limited but non-negligible consequences. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with untrusted input and consider applying temporary mitigations such as input validation or content security policies where feasible. Monitor bdthemes communications for updates and apply patches promptly once available.