4 matches found
CVE-2026-35010 Open ISES Tickets < 3.44.2 Reflected XSS via patient_JF.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientJF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a JavaScript variable assignment. Attackers...
CVE-2026-35010
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientJF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a JavaScript variable assignment. Attackers...
CVE-2026-35010
Open ISES Tickets before 3.44.2 is affected by a reflected XSS in patient_JF.php via the ticket_id GET parameter, where an unsanitized value leads to arbitrary JavaScript execution in an authenticated user’s browser. The issue is triggered by visiting a crafted URL containing a JavaScript payload...
EUVD-2026-31182
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientJF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a JavaScript variable assignment. Attackers...