EUVD-2026-31306

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48223

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48223 Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48222 Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48222 Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

EUVD-2026-31301

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48222

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48221

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in ics205a.php via the frm_add_str POST parameter, allowing an authenticated attacker to inject arbitrary JavaScript that runs in the victim’s browser when the response is rendered. The vulnerability arises from unsanitized input be...

CVE-2026-48221 Open ISES Tickets < 3.44.2 Reflected XSS via ics205a.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48220

Open ISES Tickets

CVE-2026-48219 Open ISES Tickets < 3.44.2 Reflected XSS via ics202.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48219 Open ISES Tickets < 3.44.2 Reflected XSS via ics202.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-48219

Open ISES Tickets prior to 3.44.2 has a reflected cross-site scripting flaw in ics202.php, where an unsanitized frm_add_str POST value is echoed into a hidden input, enabling an authenticated attacker to inject JavaScript in the response. Affected version range is before 3.44.2; patch/upgrade to ...

CVE-2026-48218 Open ISES Tickets < 3.44.2 Reflected XSS via icons/buttons/landb.php frm_name and frm_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmname and frmid POST parameters directly into rendered HTML content a...

CVE-2026-48218 Open ISES Tickets < 3.44.2 Reflected XSS via icons/buttons/landb.php frm_name and frm_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmname and frmid POST parameters directly into rendered HTML content a...

CVE-2026-48218

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in icons/buttons/landb.php. An authenticated attacker can pass unsanitized values via the frm_name and frm_id POST parameters, which are inserted into rendered HTML/inline JavaScript, enabling arbitrary JavaScript execution in the v...

CVE-2026-48217 Open ISES Tickets < 3.44.2 Reflected XSS via delete_module.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...

CVE-2026-48217

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in delete_module.php. The vulnerability allows an authenticated attacker to inject arbitrary JavaScript by passing unsanitized values through POST parameters module_choice, flag, and confirmation, which are then rendered into HTML c...

CVE-2026-48217 Open ISES Tickets < 3.44.2 Reflected XSS via delete_module.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...

EUVD-2026-31300

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...