This vulnerability in ThemeFusion Fusion Builder (versions before 3.15.0) involves improper neutralization of input during web page generation, leading to reflected cross-site scripting (XSS). An attacker could exploit this flaw by injecting malicious scripts that are reflected back to users, potentially impacting confidentiality, integrity, and availability. The CVSS 3.1 base score is 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. No patch or official remediation guidance is currently available.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to information disclosure, modification of data, or disruption of service. The reflected XSS nature requires user interaction to trigger the payload. There are no known active exploits reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying workarounds if available or restrict access to the vulnerable component. Monitor official ThemeFusion communications for updates.