Description
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_query POST parameter directly into an HTML input field VALUE attribute. Attackers can craft a malicious request containing a JavaScript payload in the frm_query parameter that executes in the victim's browser when submitted.
Published: 2026-05-20
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open ISES Tickets versions prior to 3.44.2 have a reflected cross-site scripting flaw in the search.php page. An authenticated user can supply an unsanitized value via the frm_query POST parameter, which is inserted directly into an HTML input field VALUE attribute. When the search form is submitted, the embedded JavaScript runs in the victim's browser, allowing the attacker to execute arbitrary code within that context. The impact is limited to client-side execution and may include defacement or cookie theft, but it does not grant direct server-side control or data exfiltration. The weakness is identified as CWE-79.

Affected Systems

The vulnerability affects the openises Tickets application; any installation running a version older than 3.44.2 is affected. No specific patch level list is provided beyond the release tag v3.44.2.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate severity risk. EPSS is not listed, so an exploit probability estimate is unavailable. The flaw is not in the CISA KEV catalog. Attackers must first authenticate to the system and use the search feature to trigger the payload. Once the malicious request is made, the victim's browser executes the code, resulting in client-side compromise. The exploit requires no special privileges beyond authentication and no out-of-band technique. Overall, the risk is moderate with moderate exploitability for authenticated users.

Generated by OpenCVE AI on May 20, 2026 at 21:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to openises Tickets 3.44.2 or later, which includes a fix for the reflected XSS in search.php.
  • If upgrading is not possible immediately, modify the search.php logic to properly escape or sanitize the frm_query input before rendering it in the VALUE attribute of the input field.
  • Consider temporarily disabling or restricting access to the search feature until a patch is applied, especially for accounts with elevated privileges.
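The attribute-context escaping that the second recommendation describes, as an added example; this is not code from the Open ISES Tickets project, and the helper names, the form markup and the sample search string are assumptions made for illustration:

```php
<?php
// Added example, not code from Open ISES Tickets. It mirrors the pattern the
// advisory describes: a POST parameter rendered into an <input value="...">
// attribute. Function names and the sample input below are assumed.

// Vulnerable pattern: the raw parameter is concatenated into the attribute, so
// a double quote in the value closes the attribute and the rest of the string
// is parsed as markup.
function render_search_box_unsafe(string $query): string
{
    return '<input type="text" name="frm_query" value="' . $query . '">';
}

// Hardened pattern: encode for the HTML attribute context before rendering.
// ENT_QUOTES converts both " and ' to entities, so the value can never terminate
// the attribute; ENT_SUBSTITUTE keeps htmlspecialchars from returning an empty
// string on invalid UTF-8 instead of silently dropping the value.
function render_search_box(string $query): string
{
    $safe = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="frm_query" value="' . $safe . '">';
}

// Constructed sample input: a search string containing the characters that
// matter inside an attribute (a double quote and angle brackets).
$sample = 'status:"open" <ticket>';

// In the unsafe output the quote ends the attribute early; in the hardened
// output the quote and angle brackets arrive in the page as entities and the
// browser treats the whole string as a literal attribute value.
echo render_search_box_unsafe($sample), PHP_EOL;
echo render_search_box($sample), PHP_EOL;

// In the real handler the value comes from the request, for example:
// $query = (string) ($_POST['frm_query'] ?? '');
// echo render_search_box($query);
```

The encoding has to match the context the value lands in: htmlspecialchars with ENT_QUOTES is correct for an attribute or text node, but a value reflected inside a script block or a URL needs a different encoder. A Content-Security-Policy that disallows inline script is a useful second layer, not a replacement for output encoding.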

Advisories

No advisories yet.

History

Thu, 21 May 2026 15:30:00 +0000
  Metrics (added): ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 08:45:00 +0000
  First Time appeared (added): Openises; Openises tickets
  Vendors & Products (added): Openises; Openises tickets

Wed, 20 May 2026 20:15:00 +0000
  Description (added): identical to the Description section at the top of this page
  Title (added): Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter
  Weaknesses (added): CWE-79
  References (added): (empty)
  Metrics (added): cvssV3_1
    {'score': 4.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N'}
  cvssV4_0
    {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

No values were removed in any of these entries.


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T14:25:15.488Z

Reserved: 2026-03-31T20:40:15.618Z

Link: CVE-2026-35016

Vulnrichment

Updated: 2026-05-21T14:14:47.940Z

NVD

Status: Deferred

Published: 2026-05-20T20:16:39.070

Modified: 2026-05-21T15:17:59.850

Link: CVE-2026-35016

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T08:18:44Z

Weaknesses