CVE-2025-53224
Koen · Koen Schuit NextGEN Gallery Search
Executive summary
A high-severity Reflected Cross-Site Scripting (XSS) vulnerability exists in Koen Schuit NextGEN Gallery Search, enabling an unauthenticated attacker to inject and execute malicious scripts in a user's browser, leading to potential data theft.
Vulnerability
The software fails to adequately sanitize user-provided input, creating a Reflected XSS vulnerability. An unauthenticated attacker can construct a malicious link that, when accessed by a victim, executes arbitrary JavaScript in their browser in the security context of the vulnerable application.
Business impact
This vulnerability, rated high with a CVSS score of 7.1, presents a significant security risk. An attacker could leverage this flaw to hijack user sessions, steal sensitive data entered into forms, deface the website on the client-side, or launch further attacks. This can result in a loss of customer confidence and potential regulatory compliance issues depending on the data compromised.
Remediation
Immediate Action: Install the security patches released by the vendor as the primary and most critical remediation step.
Proactive Monitoring: Implement monitoring to detect and alert on suspicious URL requests that include common XSS payloads (e.g., <script>, onerror, onload).
Compensating Controls: Utilize a properly configured Web Application Firewall (WAF) to filter malicious requests and block XSS attempts, serving as a virtual patch.
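As an added example that is not part of this advisory or of the plugin's own code, the following Python script implements the kind of URL-request monitoring described under Proactive Monitoring. It parses access-log lines (a constructed, Apache-style sample), percent-decodes each query-parameter value, including double-encoded values that a naive substring match on `<script>` would miss, and reports which parameter matched which indicator. The log format, IP addresses, timestamps and payloads are all constructed for the example; the indicator patterns are the ones the advisory names plus a `javascript:` URL check, and should be tuned to your environment.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Indicator patterns: the advisory's own examples (<script>, onerror, onload)
# plus javascript: URLs. Event handlers must be followed by '=' so a search
# for the plain word "onload" does not raise an alert.
XSS_PATTERNS = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("event-handler", re.compile(r"\bon(?:error|load)\s*=", re.I)),
    ("javascript-url", re.compile(r"javascript\s*:", re.I)),
]

# Apache/Nginx "combined"-style access-log line (constructed format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Constructed sample: one benign search, one URL-encoded payload,
# one double-encoded payload, and one benign word that looks suspicious.
LOG_SAMPLE = """\
203.0.113.7 - - [10/Oct/2025:13:55:36 +0000] "GET /?s=sunset+beach HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2025:13:55:40 +0000] "GET /?s=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5203
203.0.113.9 - - [10/Oct/2025:13:55:41 +0000] "GET /?s=%253Cimg%2520src%253Dx%2520onerror%253Dalert%25281%2529%253E HTTP/1.1" 200 5198
198.51.100.4 - - [10/Oct/2025:13:56:02 +0000] "GET /?s=onload HTTP/1.1" 200 5100
"""


def decode_value(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are visible."""
    for _ in range(max_rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            return value
        value = nxt
    return value


def find_xss_indicators(target):
    """Return [(parameter, indicator)] for every query parameter of a request
    target whose decoded value matches one of the XSS patterns."""
    hits = []
    query = urlsplit(target).query
    # parse_qsl splits on '&' before decoding, so a decoded '&' inside a
    # payload cannot create a bogus extra parameter; it decodes once itself.
    for name, value in parse_qsl(query, keep_blank_values=True):
        candidate = decode_value(value)
        for label, pattern in XSS_PATTERNS:
            if pattern.search(candidate):
                hits.append((name, label))
    return hits


def scan_log(text):
    """Scan access-log text and return one alert dict per suspicious request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparsable line; a real deployment would count these
        hits = find_xss_indicators(m.group("target"))
        if hits:
            alerts.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "target": m.group("target"),
                "hits": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(LOG_SAMPLE):
        print(f"{alert['time']} {alert['ip']} {alert['target']} -> {alert['hits']}")
```

Run as-is it reports the two encoded requests from 203.0.113.9 and stays silent on the benign lines; the double-encoded line is caught only because of the bounded repeat-decoding in `decode_value`, which is the detail a single-pass filter typically gets wrong. Feed real access logs through `scan_log` and forward the alerts to your SIEM.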
Exploitation status
Public Exploit Available: false
Analyst recommendation
The high-severity nature of this XSS vulnerability requires immediate action. Administrators must prioritize applying the vendor's patch to prevent potential compromise of user accounts and sensitive information. Proactive measures should be taken to ensure all public-facing web applications are protected.