Cross-Site Scripting Vulnerability in Guardian Language-System
CVE-2026-34098
4.8MEDIUM
What is CVE-2026-34098?
The Guardian Language-System contains a cross-site scripting vulnerability due to improper sanitization of the 'id' GET parameter in media.php. This flaw enables authenticated attackers to craft malicious URLs that can execute script tags in the browser session of unsuspecting users, potentially leading to unauthorized data exposure or manipulation. It is crucial for users of the Guardian Language-System to implement the latest security updates to mitigate this risk.
Affected Version(s)
language-system 0
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
philopentest
