Advisories

Guardian Language-System XSS via id Parameter in text_file.php

Go Back
severity
medium
date
Affecting
  • language-system <= commit e42c395

  • An affected version range remains undefined

CWE
  • CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS
4.8
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Credit
philopentest
Description
Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.
  • Vulnerability Prioritization
    Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
  • Early Warning System
    Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.