Cross-Site Scripting Vulnerability in Guardian Language-System by Unknown Vendor
CVE-2026-34096

4.8MEDIUM

Key Information:

Vendor

Guardian

Vendor
CVE Published:
1 July 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-34096?

The Guardian Language-System is vulnerable to Cross-Site Scripting (XSS) due to improper sanitization of the 'name' parameter in the designer.php file. This vulnerability allows authenticated attackers to inject malicious script tags through a crafted URL, which can then execute in the context of the victim's browser session. This opens the door for account takeover, data theft, and further exploitation of user sessions.

Affected Version(s)

language-system 0

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

philopentest
.