This vulnerability (CVE-2026-57326) is an unauthenticated cross-site scripting (XSS) issue in the Business Directory product by Strategy11 Team, affecting versions up to 6.4.22. The flaw arises from improper neutralization of input during web page generation (CWE-79), enabling attackers to inject malicious scripts that execute in the context of users' browsers. The CVSS 3.1 base score is 6.5, reflecting a network attack vector with low attack complexity, no privileges required, but requiring user interaction. The impact includes limited confidentiality and integrity loss without availability impact. There is no vendor advisory or patch currently available, and no known exploits in the wild have been reported.

Successful exploitation allows unauthenticated attackers to execute arbitrary scripts in users' browsers, potentially leading to partial disclosure of sensitive information and modification of data within the affected web application context. The vulnerability does not impact system availability. The CVSS score of 6.5 indicates a medium severity level with confidentiality and integrity impacts.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider applying temporary mitigations such as input validation and output encoding on affected inputs if possible. Monitor official Strategy11 Team communications for updates and patches.