Lucene search
K

6 matches found

CVE
CVE
added 2026/05/29 2:46 p.m.14 views

CVE-2018-25404

The Open ISES Project 3.30A is affected by an SQL injection in add_facnote.php accessed via the ticket_id parameter. Unauthenticated attackers can send crafted GET requests to extract sensitive data (e.g., database version/details), exposing confidentiality and potentially other data. The vulnera...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 2:46 p.m.6 views

CVE-2018-25404

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/20 8:16 p.m.13 views

CVE-2026-35012

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addfacnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute...

5.1CVSS0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:38 p.m.8 views

CVE-2026-35012

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addfacnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 7:38 p.m.14 views

CVE-2026-35012

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in add_facnote.php. The vulnerability arises when an unsanitized ticket_id value is injected via the GET parameter and placed into a hidden input field VALUE attribute, allowing an authenticated attacker to craft a URL that executes...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 7:38 p.m.11 views

EUVD-2026-31186

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addfacnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder