
15 matches found

EUVD
added 2026/05/20 7:36 p.m. · 8 views

EUVD-2026-31180

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute. Attacker...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits: 0 · References: 3
CVE
added 2026/05/20 7:36 p.m. · 5 views

CVE-2026-35009

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in add_note.php via the ticket_id GET parameter. An attacker who is authenticated can craft a URL containing a JavaScript payload in ticket_id, which is then injected into a hidden input VALUE attribute and can execute in the victim...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits: 0 · References: 3
Vulnrichment
added 2026/05/20 7:36 p.m. · 4 views

CVE-2026-35009 Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute. Attacker...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits: 0 · References: 3
ATTACKERKB
added 2026/05/20 7:36 p.m. · 5 views

CVE-2026-35009

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute. Attacker...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits: 0 · References: 4
CNNVD
added 2026/05/20 12:0 a.m. · 5 views

tickets Cross-Site Scripting Vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the add_note.php file. It could...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/20 12:0 a.m. · 7 views

PT-2026-42251

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE attribute...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits: 0 · References: 4
OSV
added 2023/11/22 6:15 p.m. · 3 views

CVE-2023-47014

A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php...

CVSS 6.5 · AI score 5.8 · EPSS 0.00107
Exploits: 2 · References: 1
ATTACKERKB
added 2023/11/22 6:15 p.m. · 1 views

CVE-2023-47014

A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php...

CVSS 6.5 · AI score 5.8 · EPSS 0.00107
Exploits: 2 · References: 2
Positive Technologies
added 2023/11/22 12:0 a.m. · 4 views

PT-2023-7576 · Unknown · Sticky Notes App Using Php With Source Code

Name of the Vulnerable Software and Affected Versions: Sticky Notes App Using PHP with Source Code version 1.0

Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to gain access to confidential information...

CVSS 7.8 · AI score 6.8 · EPSS 0.00107
Exploits: 2 · References: 6
OSV
added 2023/10/26 5:15 p.m. · 2 views

CVE-2023-5791

A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack...

CVSS 6.1 · AI score 4 · EPSS 0.0007
Exploits: 1 · References: 3
CNNVD
added 2023/10/26 12:0 a.m. · 2 views

SourceCodester Sticky Notes Cross-Site Scripting Vulnerability

SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a cross-site scripting (XSS) vulnerability in the parameters noteTitle/noteContent in the file endpoint/add-note.php...

CVSS 6.1 · AI score 5.9 · EPSS 0.0007
Exploits: 1 · References: 4
Positive Technologies
added 2023/10/26 12:0 a.m. · 3 views

PT-2023-32329 · Unknown · Sourcecodester Sticky Notes App

Name of the Vulnerable Software and Affected Versions: SourceCodester Sticky Notes App version 1.0

Description: A vulnerability was found in the SourceCodester Sticky Notes App, affecting an unknown part of the file "endpoint/add-note.php". The manipulation of the arguments noteTitle and...

CVSS 6.1 · AI score 4.2 · EPSS 0.0007
Exploits: 1 · References: 8
GitHub Security Blog
added 2023/10/10 9:10 p.m. · 22 views

OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item

Impact: The JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a...

CVSS 6.9 · AI score 6.7 · EPSS 0.00078
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2023/10/09 1:6 p.m. · 19 views

CVE-2022-35950 OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item

OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...

CVSS 6.9 · AI score 6.7 · EPSS 0.00078
Exploits: 0 · References: 1
HackerOne
added 2016/03/09 11:30 p.m. · 12 views

Xero: Additional stored XSS in Add note/Expected payment Date

When you make an invoice, the person you make the invoice out to can be an xss vector like " then fill out the rest of the invoice and create it. Go to the invoice then when you go the invoice and click add note/expected date it'll trigger...

AI score 6.8
Exploits: 0