The vulnerability CVE-2025-68852 affects webmuehle Court Reservation software through version 1.10.13. It is a reflected cross-site scripting (XSS) flaw caused by improper input neutralization during web page generation. This allows an attacker to craft malicious input that is reflected back in the web response and executed by the victim's browser, potentially leading to information disclosure, manipulation of web content, or denial of service. The CVSS v3.1 base score is 7.1, indicating high severity, with attack vector network, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability at low to low levels but with scope changed.

Successful exploitation of this vulnerability can allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of sensitive information, modification of web content, or disruption of service. The CVSS vector indicates that the attack can be performed remotely without privileges but requires user interaction. The overall impact is rated as high severity due to the combination of these factors.

No official patch or vendor advisory is currently available for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, users should consider applying web application firewall (WAF) rules to detect and block reflected XSS attempts and educate users to avoid clicking on suspicious links that could trigger the vulnerability.