4 matches found
CVE-2026-35015
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dounitmail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the theticket GET parameter directly into a JavaScript variable assignment. Attacker...
CVE-2026-35015
Open ISES Tickets before 3.44.2 is vulnerable to a reflected XSS in do_unit_mail.php via the_ticket parameter. An authenticated attacker can inject arbitrary JavaScript by passing an unsanitized value into the_ticket, which is then inserted into a JavaScript variable assignment and executed when ...
CVE-2026-35015 Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dounitmail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the theticket GET parameter directly into a JavaScript variable assignment. Attacker...
CVE-2026-35015
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dounitmail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the theticket GET parameter directly into a JavaScript variable assignment. Attacker...