CVE Catalog

CVE-2026-34416

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

21th percentile - higher than 21% of all known CVEs

Summary

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter.

Risk Assessment

Attackers can craft a malicious URL that, when visited by a victim, executes arbitrary scripts, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to validate and sanitize all input data and implement appropriate XSS protections in the OSCAL-GUI application.

Original NVD description (English source)

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that breaks out of the JavaScript string and HTML attribute context in the body onload event handler to execute arbitrary scripts when the link is visited by a victim.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS