This vulnerability involves improper neutralization of input during web page generation in Jthemes Prestige, resulting in a reflected cross-site scripting (XSS) issue. An attacker can craft malicious input that, when reflected by the application, executes arbitrary scripts in the victim's browser session. The affected versions are all Prestige releases prior to 1.4.1. The CVSS v3.1 base score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of a user's browser, potentially leading to information disclosure, session hijacking, or other client-side impacts. The vulnerability affects confidentiality, integrity, and availability to a limited extent as per the CVSS vector. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability affects versions prior to 1.4.1, upgrading to version 1.4.1 or later may resolve the issue if the vendor has addressed it in that release. Until an official fix is confirmed, avoid using affected versions in untrusted environments and consider implementing web application firewall (WAF) rules to detect and block reflected XSS attempts.