Impact
An authenticated attacker can craft a URL containing script tags in the id parameter, which the application inserts directly into several HTML form action attributes without sanitization. This can cause arbitrary script execution in the victim’s browser session, potentially enabling session hijacking, credential theft, or further attacks. The vulnerability is an instance of improper input handling (CWE‑79).
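An added example, not code from Guardian language-system or from the advisory: the flawed pattern described above next to a hardened form, with an HTML parser used to check whether the id value stays inside the action attribute. The `/item` path, the function names and the decimal-integer id format are assumptions, and the id value is a constructed sample.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import quote

ACTION_PATH = "/item"                     # hypothetical endpoint, not from the advisory
ID_PATTERN = re.compile(r"[0-9]{1,10}")   # assumed id format: decimal integer
CONSTRUCTED_ID = '7"><script>alert(1)</script>'  # constructed sample input


def render_form_unsafe(raw_id):
    """Flawed pattern: the id is copied verbatim into the action attribute."""
    return f'<form method="post" action="{ACTION_PATH}?id={raw_id}">'


def render_form_safe(raw_id, strict=True):
    """Allow-list the id, then encode for the URL and for the HTML attribute."""
    if strict and not ID_PATTERN.fullmatch(raw_id):
        raise ValueError("id must be a decimal integer")
    url = f"{ACTION_PATH}?id={quote(raw_id, safe='')}"  # percent-encode the value
    return f'<form method="post" action="{html.escape(url, quote=True)}">'


class _TagCollector(HTMLParser):
    """Records start tags the way an HTML parser sees the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    """Return the start tags a parser finds in the rendered markup."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    print(tags_in(render_form_unsafe(CONSTRUCTED_ID)))              # ['form', 'script']
    print(tags_in(render_form_safe(CONSTRUCTED_ID, strict=False)))  # ['form']
```

With `strict=True` (the default) the constructed value is rejected before any markup is produced; `strict=False` shows that output encoding alone already keeps the value inside the attribute.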
Affected Systems
The vulnerability affects Guardian language‑system. No specific version information is provided in the advisory.
Risk and Exploitability
The CVSS score of 4.8 indicates moderate severity. The EPSS score is not available, so exploitation probability cannot be precisely quantified. The vulnerability is not listed in the CISA KEV catalog. Because the flaw requires authentication and an attacker can specify arbitrary script payloads, the likely attack vector is web‑based exploitation by a legitimate user account. Overall risk is moderate, but could be higher in environments where privileged accounts are used to abuse the vulnerability.