GHSA-ggfh-fv42-r856MediumCVSS 4.6

Guardian language-system fails to sanitize the name GET parameter before outputting it into an...

Published
July 1, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (1)

📋 Description

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session.

🔗 References (4)