CVE Catalog

CVE-2026-53741

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

Simple Link Directory version 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload can break out of the string and run script for every page visitor.

Risk Assessment

This vulnerability may lead to the execution of malicious scripts on visitor pages, posing a risk of data theft or session hijacking.

Recommendation

It is recommended to update to the latest version of Simple Link Directory and implement proper input encoding mechanisms to prevent script injection.

Original NVD description (English source)

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS