This vulnerability in Metagauss ProfileGrid (profilegrid-user-profiles-groups-and-communities) is due to improper input sanitization during web page generation, leading to stored cross-site scripting (XSS). It affects all versions up to 5.9.8.1. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) indicates network attack vector, low attack complexity, requires low privileges and user interaction, with scope changed and low impact on confidentiality, integrity, and availability. No patch or remediation information is currently available from the vendor or other sources.

Successful exploitation could allow an attacker with low privileges and requiring user interaction to execute arbitrary scripts in the context of other users, potentially leading to partial disclosure of information, modification of data, or disruption of availability within the ProfileGrid environment. The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. However, no known exploits have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting user input where possible and applying web application firewall (WAF) rules to detect and block XSS payloads. Monitor vendor channels for updates and apply patches promptly once released.