xfce4-settings contains the configuration system for the Xfce desktop environment.
xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool (which is called when a user clicks a link in e.g. Firefox).
The vulnerability can be leveraged into 1-click universal cross site scripting in some browsers, or potentially other unspecified impact.
There is no known workaround at this time.
All xfce4-settings users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=xfce-base/xfce4-settings-4.17.1"