CVE-2026-35012

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in add_facnote.php. The vulnerability arises when an unsanitized ticket_id value is injected via the GET parameter and placed into a hidden input field VALUE attribute, allowing an authenticated attacker to craft a URL that executes...