57588 matches found
CVE-2026-48223
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in ics213rr.php. An authenticated attacker can send an unsanitized frm_add_str POST value that is echoed into a hidden HTML input value attribute, causing arbitrary JavaScript to execute in the victim’s browser when the page renders...
CVE-2026-48223
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48222 Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48221 Open ISES Tickets < 3.44.2 Reflected XSS via ics205a.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48219
Open ISES Tickets prior to 3.44.2 has a reflected cross-site scripting flaw in ics202.php, where an unsanitized frm_add_str POST value is echoed into a hidden input, enabling an authenticated attacker to inject JavaScript in the response. Affected version range is before 3.44.2; patch/upgrade to ...
CVE-2026-48219
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48216 Open ISES Tickets < 3.44.2 Reflected XSS via db_loader.php Multiple POST Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...
CVE-2026-48215
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmid POST parameter directly into an HTML form input value attribute. Attackers can...
EUVD-2026-31297
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...
CVE-2026-48214
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...
CVE-2026-48214
Summary: CVE-2026-48214 affects Open ISES Tickets up to version 3.44.1. It is a reflected cross-site scripting vulnerability in add_nm.php where an unsanitized ticket_id POST parameter is echoed into an HTML form input value attribute and an inline JavaScript string literal, enabling authenticate...
CVE-2026-48214 Open ISES Tickets < 3.44.2 Reflected XSS via add_nm.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...
CVE-2026-48213
Open ISES Tickets prior to 3.44.2 has a reflected XSS in add.php via the ticket_id POST parameter, injecting unsanitized values into an HTML form input value attribute. Authenticated attackers can craft a request to execute JavaScript in the victim’s browser when the response renders. The issue i...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8391: Other issue in the JavaScript Engine component...
SUSE-SU-2026:2039-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. - CVE-2026-8391: Other issue in the JavaScript Engine component. -...
CVE-2026-47099
A flaw was found in TeleJSON. A remote attacker can exploit this DOM-based cross-site scripting XSS vulnerability by delivering a specially crafted JSON payload. This payload, containing a malicious constructor-name property value, is processed by the parse function without proper sanitization,...
PT-2026-42494
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...
PT-2026-42504
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and mode orig POST parameters directly into HTML form hidden input value...
PT-2026-42498
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...
PT-2026-42666
Summary A cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution ...