CVE Catalog

CVE-2026-34096

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

The XSS vulnerability in the Guardian language-system fails to sanitize the 'name' GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session.

Risk Assessment

The risk involves the execution of arbitrary JavaScript in the victim's browser, potentially leading to session theft, content modification, or further attacks on system users.

Recommendation

Implement proper sanitization of the 'name' parameter before outputting it in HTML, such as HTML entity encoding or using functions like htmlspecialchars(). Also, update to the latest version of the Guardian system.

Original NVD description (English source)

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS