This vulnerability in NooTheme Visionary Core (<= 1.4.9) involves improper neutralization of input during web page generation, leading to reflected cross-site scripting (XSS). An attacker could exploit this by injecting malicious scripts that are reflected back to users, potentially impacting confidentiality, integrity, and availability as indicated by the CVSS vector. The vulnerability is remotely exploitable without privileges but requires user interaction.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to information disclosure, modification of data, or disruption of service. The CVSS vector indicates low complexity, no privileges required, but user interaction is necessary. The scope is changed, meaning the impact could extend beyond the vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with untrusted input and consider implementing web application firewall (WAF) rules to detect and block reflected XSS attempts. Monitor vendor channels for updates and apply patches promptly once released.