This vulnerability involves reflected XSS in Silverpeas Core's AdvancedSearch feature prior to version 6.4.6. An attacker can craft input that is reflected in the search results without proper sanitization, enabling execution of arbitrary JavaScript in the victim's browser session. This can lead to typical XSS impacts such as session hijacking or content manipulation, depending on the attacker's payload and context. No CVSS score or remediation details are provided in the available data.

Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of a user's browser when interacting with the vulnerable AdvancedSearch functionality. This may lead to theft of user credentials, session tokens, or other sensitive information accessible to the browser. However, no specific exploitation in the wild or detailed impact scenarios are documented.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability affects versions before 6.4.6, upgrading to version 6.4.6 or later is likely recommended once confirmed by the vendor. Until an official fix is available, users should exercise caution when interacting with untrusted input in the AdvancedSearch feature.