Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 10 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 10 Jun 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Brian-ruf
Brian-ruf oscal-gui |
|
| Vendors & Products |
Brian-ruf
Brian-ruf oscal-gui |
Tue, 09 Jun 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that breaks out of the JavaScript string and HTML attribute context in the body onload event handler to execute arbitrary scripts when the link is visited by a victim. | |
| Title | OSCAL-GUI Reflected XSS via project parameter in oscal.php | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-10T12:55:26.296Z
Reserved: 2026-03-27T15:24:06.752Z
Link: CVE-2026-34416
Updated: 2026-06-10T12:55:19.204Z
Status : Deferred
Published: 2026-06-09T21:17:08.740
Modified: 2026-06-10T19:41:25.327
Link: CVE-2026-34416
No data.
OpenCVE Enrichment
Updated: 2026-06-10T11:22:01Z