Skip to main content

Open ISES Tickets CVE-2026-48223

| EUVD-2026-31306 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-05-21 VulnCheck GHSA-96p4-6rgc-hp28
PHP XSS
5.1
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
May 21, 2026 - 18:43 vuln.today
Analysis Generated
May 21, 2026 - 18:43 vuln.today
CVSS changed
May 21, 2026 - 18:22 NVD
5.4 (MEDIUM) 5.1 (MEDIUM)

DescriptionNVD

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.

AnalysisAI

Reflected cross-site scripting in Open ISES Tickets before 3.44.2 allows a malicious actor to inject arbitrary JavaScript into a victim's browser session via the unsanitized frm_add_str POST parameter in ics213rr.php, where the value is written directly into an HTML form hidden input attribute without escaping. The CVSS 4.0 vector scores this at 5.1 with scope change to subsequent systems (SC:L/SI:L), meaning successful exploitation affects data beyond the immediately vulnerable component. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-48223 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy