This vulnerability in the Drupal Obfuscate module (versions before 2.0.2) is classified as CWE-79, indicating improper neutralization of input during web page generation leading to Cross-Site Scripting (XSS). The vulnerability allows attackers to inject malicious scripts that could be executed in the context of a user's browser. The CVSS 3.1 base score is 6.1 (medium), with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality and integrity but not availability. No official patch or remediation level has been published by the vendor as of the data provided.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to disclosure or modification of sensitive information accessible to the user. The impact is limited to confidentiality and integrity, with no direct impact on availability. There are no known active exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying any available updates to the Drupal Obfuscate module once version 2.0.2 or later is available. Additionally, applying standard XSS mitigations such as input validation and output encoding may help reduce risk but are not a substitute for an official patch.