CVE-2026-53741 MEDIUM

CVE-2026-53741: Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option

Vendor Quantumcloud
Product Simple Link Directory
Weakness CWE-79 · XSS
Published June 10, 2026
Last update June 11, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.

Key dates

02Disclosure timeline

June 10, 2026 CVE published
June 11, 2026 Record updated

Related vulnerabilities

04Related CVE