This vulnerability in the Design Stylish Cost Calculator product involves improper neutralization of input during web page generation, resulting in stored cross-site scripting (XSS). Attackers could inject malicious scripts that are stored by the application and executed when other users view the affected pages. The issue affects versions up to 8.2.9. The CVSS score of 6.5 reflects that the vulnerability can be exploited remotely with low attack complexity but requires some user interaction and privileges. No patch or vendor advisory details are currently available.

Successful exploitation could lead to partial confidentiality, integrity, and availability impacts as indicated by the CVSS vector (C:L/I:L/A:L). This means an attacker might be able to execute scripts in the context of other users, potentially stealing information, modifying content, or causing disruption. However, no known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying input validation or output encoding workarounds if feasible. Monitor vendor communications for updates and apply patches promptly once available.