This vulnerability in PenciDesign Soledad (<= 8.7.2) involves improper neutralization of input during web page generation, resulting in a DOM-based Cross-site Scripting (XSS) issue. The CVSS 3.1 score is 6.5 (medium), with attack vector network, low attack complexity, requiring privileges and user interaction, and impacts on confidentiality, integrity, and availability at a low level. The vulnerability allows an attacker with some privileges to inject malicious scripts that execute in the context of the victim's browser.

Successful exploitation can lead to partial compromise of confidentiality, integrity, and availability of the affected system or user data through execution of malicious scripts in the victim's browser context. This can facilitate actions such as session hijacking or unauthorized actions performed on behalf of the user. However, the impact is limited by the requirement for user interaction and privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official patch or fix information is currently available. Until a fix is released, users should apply standard mitigations for DOM-based XSS such as input validation and output encoding where possible. Monitor vendor channels for updates and apply patches promptly once available.