CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 5 days ago•6 views

CVE-2018-25404

The Open ISES Project 3.30A is affected by an SQL injection in add_facnote.php accessed via the ticket_id parameter. Unauthenticated attackers can send crafted GET requests to extract sensitive data (e.g., database version/details), exposing confidentiality and potentially other data. The vulnera...

8.8CVSS6.1AI score0.00068EPSS

CNNVD•added 5 days ago•4 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform developed by Open ISES for emergency service organizations. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ticketid parameter...

8.8CVSS6.1AI score0.00068EPSS

CVE•added 2026/05/21 5:10 p.m.•7 views

CVE-2026-48237

Open ISES Tickets prior to 3.44.2 is vulnerable to a SQL injection in message.php. The vulnerability arises because the POST parameters frm_ticket_id and frm_resp_id are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization, allowing an authenticated attacker to alter q...

7.1CVSS5.9AI score0.00027EPSS

EUVD•added 2026/05/21 5:10 p.m.•3 views

EUVD-2026-31310

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientw.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers ca...

EUVD•added 2026/05/21 5:10 p.m.•4 views

EUVD-2026-31307

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...

ATTACKERKB•added 2026/05/21 5:10 p.m.•2 views

CVE-2026-48227

CVE•added 2026/05/21 5:10 p.m.•6 views

CVE-2026-48227

Open ISES Tickets before 3.44.2 is affected by a reflected XSS in patient.php, where an unsanitized id and ticket_id in GET parameters can inject JavaScript into the HTML form action URL. The vulnerability allows authenticated users to craft requests that execute in a victim’s browser when the re...

ATTACKERKB•added 2026/05/21 5:9 p.m.•1 views

CVE-2026-48214

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...

NVD•added 2026/05/20 8:16 p.m.•7 views

CVE-2026-35010

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patientJF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a JavaScript variable assignment. Attackers...

5.1CVSS0.00029EPSS

EUVD•added 2026/05/20 7:40 p.m.•4 views

EUVD-2026-31184

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacke...

CVE•added 2026/05/20 7:40 p.m.•5 views

CVE-2026-35014

Open ISES Tickets before 3.44.2 is affected by a reflected XSS in routes_nm.php. The vulnerability allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value in the ticket_id GET parameter, which is placed into a hidden input VALUE attribute and executed in the ...

Cvelist•added 2026/05/20 7:38 p.m.•22 views

CVE-2026-35012 Open ISES Tickets < 3.44.2 Reflected XSS via add_facnote.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addfacnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute...

5.1CVSS0.00029EPSS

Vulnrichment•added 2026/05/20 7:36 p.m.•3 views

CVE-2026-35009 Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

ATTACKERKB•added 2026/05/20 7:36 p.m.•3 views

CVE-2026-35009

CNNVD•added 2026/05/20 12:0 a.m.•4 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the addnote.php file. It could...

CNNVD•added 2026/05/20 12:0 a.m.•3 views

Exploits0References1

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in routesnm.php, which coul...