Is there a patch available for CVE-2026-48221?

Yes, a patch is available for CVE-2026-48221. Update the affected software to the latest version immediately.

Open ISES Tickets CVE-2026-48221

Q: What is the CVSS score of CVE-2026-48221?

CVE-2026-48221 has a CVSS 4.0 base score of 5.1 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31302 MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2026-05-21 VulnCheck

GHSA-cxv4-2vhg-j9gf

PHP XSS

5.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 18:43 vuln.today

Analysis Generated

May 21, 2026 - 18:43 vuln.today

CVSS changed

May 21, 2026 - 18:22 NVD

5.4 (MEDIUM) 5.1 (MEDIUM)

DescriptionNVD

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.

AnalysisAI

Reflected cross-site scripting in Open ISES Tickets before version 3.44.2 allows injection of arbitrary JavaScript via the unsanitized frm_add_str POST parameter in ics205a.php, which is rendered verbatim inside an HTML form hidden input value attribute in the victim's browser. This CVE is one of 69 XSS vulnerabilities patched in the v3.44.2 release - a 'Critical Security Update' that also addressed 19 SQL injection issues and 5 hardcoded secrets, revealing systemic input handling failures across the codebase. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-48221 vulnerability details – vuln.today

Back

Open ISES Tickets CVE-2026-48221

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Open ISES Tickets CVE-2026-48221

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code