2 matches found
EUVD-2026-31294
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...
PT-2026-42495
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module choice, flag, confirmation directly into...