CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/29 12:0 a.m.•7 views

PT-2026-44876

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References5

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform for emergency service organizations, developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the frmpasswd...

8.8CVSS6.1AI score0.0009EPSS

NVD•added 2026/05/21 6:16 p.m.•6 views

CVE-2026-48219

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

5.4CVSS0.00029EPSS

NVD•added 2026/05/21 6:16 p.m.•7 views

CVE-2026-48215

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmid POST parameter directly into an HTML form input value attribute. Attackers can...

5.4CVSS0.00029EPSS

Vulnrichment•added 2026/05/21 5:9 p.m.•5 views

CVE-2026-48223 Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE•added 2026/05/21 5:9 p.m.•9 views

CVE-2026-48223

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in ics213rr.php. An authenticated attacker can send an unsanitized frm_add_str POST value that is echoed into a hidden HTML input value attribute, causing arbitrary JavaScript to execute in the victim’s browser when the page renders...

ATTACKERKB•added 2026/05/21 5:9 p.m.•3 views

CVE-2026-48223

Vulnrichment•added 2026/05/21 5:9 p.m.•6 views

CVE-2026-48222 Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

EUVD•added 2026/05/21 5:9 p.m.•6 views

EUVD-2026-31298

CNNVD•added 2026/05/21 12:0 a.m.•3 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the circular.php file, where the frmid POST parameter was directly inserted into...

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42498

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...

CNNVD•added 2026/05/21 12:0 a.m.•5 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the frmaddstr POST parameter in the ics213.php file, allowing uncleane...

CNNVD•added 2026/05/21 12:0 a.m.•5 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the frmaddstr POST parameter was not cleared in icc202.php, allowin...

CNNVD•added 2026/05/21 12:0 a.m.•4 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the frmaddstr POST parameter was not cleared in ics205.php, allowin...

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42493

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm id POST parameter directly into an HTML form input value attribute. Attackers ca...

CVE•added 2026/05/20 7:37 p.m.•7 views

CVE-2026-35011

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in opena.php via the frm_call parameter. An authenticated attacker can craft a URL containing an unsanitized frm_call value that is reflected in page output, allowing arbitrary JavaScript execution in the victim’s browser. A fix is ...

5.1CVSS5.8AI score0.00029EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42253

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm call GET parameter directly into page output. Attackers can craft a malicious URL...

5.1CVSS5.8AI score0.00029EPSS