This vulnerability in sizam REHub Framework (versions before 19.9.9.7) involves improper neutralization of input during web page generation, resulting in stored cross-site scripting (XSS). An attacker with low privileges can inject malicious scripts that execute when other users view the affected pages, potentially leading to partial compromise of confidentiality, integrity, and availability. The CVSS 3.1 vector indicates network attack vector, low attack complexity, requiring privileges and user interaction, and a scope change. No official patch or vendor advisory is currently available.

Successful exploitation allows an attacker to execute arbitrary scripts in the context of affected users, potentially leading to partial disclosure of information, modification of data, or disruption of service. The impact is rated medium with a CVSS score of 6.5, reflecting limited but meaningful confidentiality, integrity, and availability impacts. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict privileges to trusted users and apply web application firewall (WAF) rules to detect and block XSS payloads where possible. Avoid exposing vulnerable functionality to untrusted users and monitor for suspicious activity related to input handling.