Lucene search
K

5 matches found

NVD
NVD
added 2026/05/20 8:16 p.m.14 views

CVE-2026-35015

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dounitmail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the theticket GET parameter directly into a JavaScript variable assignment. Attacker...

5.1CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 7:40 p.m.8 views

CVE-2026-35015 Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dounitmail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the theticket GET parameter directly into a JavaScript variable assignment. Attacker...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:40 p.m.8 views

CVE-2026-35015

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dounitmail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the theticket GET parameter directly into a JavaScript variable assignment. Attacker...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 7:40 p.m.2 views

CVE-2026-35015 Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dounitmail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the theticket GET parameter directly into a JavaScript variable assignment. Attacker...

5.1CVSS5.9AI score0.00221EPSS
Exploits0References6
CVE
CVE
added 2026/05/20 7:40 p.m.17 views

CVE-2026-35015

Open ISES Tickets before 3.44.2 is vulnerable to a reflected XSS in do_unit_mail.php via the_ticket parameter. An authenticated attacker can inject arbitrary JavaScript by passing an unsanitized value into the_ticket, which is then inserted into a JavaScript variable assignment and executed when ...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder