Cross-Site Scripting Vulnerability in Guardian Language System
CVE-2026-34097

4.8MEDIUM

Key Information:

Vendor

Guardian

Vendor
CVE Published:
1 July 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-34097?

The Guardian Language System contains a vulnerability where the 'id' parameter in the text_file.php file is not properly sanitized before being used in HTML form action attributes. This oversight allows authenticated attackers to craft malicious URLs that inject and execute script tags within the context of a victim's browser session, potentially leading to unauthorized actions and data exposure.

Affected Version(s)

language-system 0

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

philopentest
.