976418 matches found
CVE-2026-48227
Open ISES Tickets before 3.44.2 is affected by a reflected XSS in patient.php, where an unsanitized id and ticket_id in GET parameters can inject JavaScript into the HTML form action URL. The vulnerability allows authenticated users to craft requests that execute in a victim’s browser when the re...
CVE-2026-48226
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in oswatch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and modeorig POST parameters directly into HTML form hidden input value...
CVE-2026-48226
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in os_watch.php. An authenticated attacker can inject arbitrary JavaScript by unsanitized values passed via the ref and mode_orig POST parameters into HTML form hidden input value attributes, leading to code execution in the victim’...
CVE-2026-48226 Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in oswatch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and modeorig POST parameters directly into HTML form hidden input value...
CVE-2026-48226 Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in oswatch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and modeorig POST parameters directly into HTML form hidden input value...
CVE-2026-48225 Open ISES Tickets < 3.44.2 Reflected XSS via landb.php _type Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the type POST parameter directly into an HTML form hidden input value attribute. Attacker...
CVE-2026-48224 Open ISES Tickets < 3.44.2 Reflected XSS via ics214.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48224 Open ISES Tickets < 3.44.2 Reflected XSS via ics214.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48224
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48224
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-48223 Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48223
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in ics213rr.php. An authenticated attacker can send an unsanitized frm_add_str POST value that is echoed into a hidden HTML input value attribute, causing arbitrary JavaScript to execute in the victim’s browser when the page renders...
CVE-2026-48223
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48222 Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48222
CVE-2026-48222 affects Open ISES Tickets prior to 3.44.2. A reflected XSS exists in ics213.php where an unsanitized frm_add_str POST parameter is inserted into a hidden HTML input value attribute, allowing authenticated attackers to inject arbitrary JavaScript that executes when the response is r...
CVE-2026-48222 Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48222
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48221
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in ics205a.php via the frm_add_str POST parameter, allowing an authenticated attacker to inject arbitrary JavaScript that runs in the victim’s browser when the response is rendered. The vulnerability arises from unsanitized input be...
CVE-2026-48220
Open ISES Tickets
CVE-2026-48219
Open ISES Tickets prior to 3.44.2 has a reflected cross-site scripting flaw in ics202.php, where an unsanitized frm_add_str POST value is echoed into a hidden input, enabling an authenticated attacker to inject JavaScript in the response. Affected version range is before 3.44.2; patch/upgrade to ...