Cross-Site Scripting Vulnerability in QuantumCloud Simple Link Directory
CVE-2025-48297
7.1HIGH
What is CVE-2025-48297?
A Cross-Site Scripting (XSS) vulnerability exists in QuantumCloud's Simple Link Directory, allowing attackers to inject malicious scripts into web pages viewed by users. This flaw can enable an attacker to execute arbitrary JavaScript in the context of the affected user’s session, potentially compromising sensitive information and session integrity.
Affected Version(s)
Simple Link Directory < 14.8.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)