CVE Catalog

CVE-2026-34097

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

The vulnerability in the Guardian language-system is due to the failure to sanitize the 'id' GET parameter before inserting it into HTML form action attributes in text_file.php. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Risk Assessment

The risk involves the potential execution of scripts within an authenticated user's session, which could lead to data theft, session hijacking, or further attacks on the organization.

Recommendation

Immediately update the Guardian language-system to the latest patched version and implement input validation and sanitization for all GET parameters in the application.

Original NVD description (English source)

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS