This vulnerability in Atlas Gondal Export Media URLs (versions <= 2.2) involves improper neutralization of input during web page generation, resulting in reflected Cross-site Scripting (XSS). The CVSS 3.1 score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. The impact includes low confidentiality, integrity, and availability impacts. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this reflected XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser when they visit a crafted URL. This may lead to partial disclosure of information, modification of data, or disruption of availability related to the affected web application. The CVSS vector indicates user interaction is required and the attack can be performed remotely without privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when handling URLs generated by the Export Media URLs product and consider implementing web application firewall (WAF) rules to detect and block reflected XSS attempts. Avoid clicking on suspicious links and ensure input validation and output encoding are applied where possible.