Description
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix, db_schema) directly into HTML form input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.
Published: 2026-05-21
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open ISES Tickets before 3.44.2 reflects values from several POST parameters directly into HTML form input elements without sanitization, enabling an authenticated attacker to inject arbitrary JavaScript that is executed in the victim’s browser when the page is rendered. This reflected cross‑site scripting flaw (CWE‑79) allows malicious client‑side code to perform a range of attacks, including session hijacking, credential theft, or redirection to malicious sites.

Affected Systems

All installations of Open ISES Tickets running a release earlier than 3.44.2 are affected. The flaw resides in db_loader.php, which processes POST parameters such as ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix, and db_schema, reflecting those values directly into HTML form inputs.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. An attacker must be authenticated to the application and must craft a POST request that includes malicious values in the specified parameters. The need for authentication and a POST request reduces the attack surface but does not eliminate the risk, particularly if an attacker can compromise a user account or otherwise access the application.

Generated by OpenCVE AI on May 21, 2026 at 18:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open ISES Tickets to version 3.44.2 or later where the input sanitization bug is fixed.
  • If an upgrade cannot be performed immediately, implement server‑side validation or sanitization of the affected POST parameters to encode or strip script content before rendering.
  • Deploy a web application firewall or enforce a strict Content‑Security‑Policy header to mitigate residual XSS payloads.

Generated by OpenCVE AI on May 21, 2026 at 18:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix, db_schema) directly into HTML form input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.
Title Open ISES Tickets < 3.44.2 Reflected XSS via db_loader.php Multiple POST Parameters
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T17:51:15.450Z

Reserved: 2026-05-21T13:15:18.100Z

Link: CVE-2026-48216

cve-icon Vulnrichment

Updated: 2026-05-21T17:51:11.274Z

cve-icon NVD

Status : Deferred

Published: 2026-05-21T18:16:17.857

Modified: 2026-05-21T19:10:12.323

Link: CVE-2026-48216

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T19:00:14Z

Weaknesses