Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/05/20 7:36 p.m.33 views

CVE-2026-35010 Open ISES Tickets < 3.44.2 Reflected XSS via patient_JF.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientJF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a JavaScript variable assignment. Attackers...

5.1CVSS0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:36 p.m.10 views

CVE-2026-35010

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientJF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a JavaScript variable assignment. Attackers...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 7:36 p.m.15 views

CVE-2026-35010

Open ISES Tickets before 3.44.2 is affected by a reflected XSS in patient_JF.php via the ticket_id GET parameter, where an unsanitized value leads to arbitrary JavaScript execution in an authenticated user’s browser. The issue is triggered by visiting a crafted URL containing a JavaScript payload...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 7:36 p.m.10 views

EUVD-2026-31182

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientJF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a JavaScript variable assignment. Attackers...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder