105159 matches found
CVE-2026-48229
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesi.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into HTML form hidden input value attributes...
CVE-2026-48229 Open ISES Tickets < 3.44.2 Reflected XSS via routes_i.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesi.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into HTML form hidden input value attributes...
EUVD-2026-31309
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesi.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into HTML form hidden input value attributes...
CVE-2026-48228 Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientw.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers ca...
CVE-2026-48228
Open ISES Tickets before 3.44.2 contains a reflected XSS in patient_w.php where an unsanitized value passed via id and ticket_id GET parameters is injected into an HTML form action URL. This allows authenticated attackers to inject arbitrary JavaScript that executes when the response renders. Aff...
CVE-2026-48228 Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientw.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers ca...
CVE-2026-48227 Open ISES Tickets < 3.44.2 Reflected XSS via patient.php id and ticket_id Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...
CVE-2026-48227
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...
CVE-2026-48227 Open ISES Tickets < 3.44.2 Reflected XSS via patient.php id and ticket_id Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...
CVE-2026-48226
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in oswatch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and modeorig POST parameters directly into HTML form hidden input value...
CVE-2026-48226
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in os_watch.php. An authenticated attacker can inject arbitrary JavaScript by unsanitized values passed via the ref and mode_orig POST parameters into HTML form hidden input value attributes, leading to code execution in the victim’...
CVE-2026-48226 Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in oswatch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and modeorig POST parameters directly into HTML form hidden input value...
CVE-2026-48225 Open ISES Tickets < 3.44.2 Reflected XSS via landb.php _type Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the type POST parameter directly into an HTML form hidden input value attribute. Attacker...
EUVD-2026-31304
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the type POST parameter directly into an HTML form hidden input value attribute. Attacker...
CVE-2026-48225
CVE-2026-48225 describes a reflected XSS in Open ISES Tickets prior to 3.44.2. The vulnerability occurs in landb.php via an unsanitized value passed to the _type POST parameter, injected into a hidden input value, enabling an authenticated attacker to inject arbitrary JavaScript that executes in ...
CVE-2026-48225 Open ISES Tickets < 3.44.2 Reflected XSS via landb.php _type Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the type POST parameter directly into an HTML form hidden input value attribute. Attacker...
EUVD-2026-31305
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48224
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-48224 Open ISES Tickets < 3.44.2 Reflected XSS via ics214.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-48224 Open ISES Tickets < 3.44.2 Reflected XSS via ics214.php frm_add_str Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...