CVE-2026-48230

Open ISES Tickets before 3.44.2 is affected by a reflected XSS in ticketsmdb_import.php. An authenticated attacker can inject arbitrary JavaScript by passing unsanitized values through multiple POST parameters (mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix, ticketshost, ticketsdb, ticketsuser, ...

CVE-2026-48216 Open ISES Tickets < 3.44.2 Reflected XSS via db_loader.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

CVE-2023-42241

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamanagraphic.php...

CVE-2023-42239

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamep.php...

CVE-2023-42244

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamvisits.php...

CVE-2023-42239

CVE-2023-42239 affects Selesta Visual Access Manager (VAM) prior to version 4.42.2. Multiple connected sources confirm an authenticated SQL Injection vulnerability in POST parameters of the /vam/vam_ep.php endpoint. The issue arises from improper handling/validation of input, enabling an attacker...