VYPR

Tickets

by Openises

Source repositories

CVEs (47)

  • CVE-2026-48226MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and mode_orig POST parameters directly into HTML form hidden…

  • CVE-2026-48225MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the _type POST parameter directly into an HTML form hidden input value…

  • CVE-2026-48224MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics214.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input…

  • CVE-2026-48223MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden…

  • CVE-2026-48222MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input…

  • CVE-2026-48221MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden…

  • CVE-2026-48220MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input…

  • CVE-2026-48219MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_add_str POST parameter directly into an HTML form hidden input…

  • CVE-2026-48218MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_name and frm_id POST parameters directly into…

  • CVE-2026-48217MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (module_choice, flag,…

  • CVE-2026-48216MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (ticketshost, ticketsdb, ticketsuser,…

  • CVE-2026-48215MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_id POST parameter directly into an HTML form input value…

  • CVE-2026-48214MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id POST parameter directly into an HTML form input value…

  • CVE-2026-48213MedMay 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id POST parameter directly into an HTML form input value…

  • CVE-2026-48245MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original…

  • CVE-2026-48244MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in settings.inc.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the…

  • CVE-2026-48243MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can extract the key and use it to make third-party API calls billed to or rate-limited…

  • CVE-2026-35016MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_query POST parameter directly into an HTML input field VALUE…

  • CVE-2026-35015MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the the_ticket GET parameter directly into a JavaScript variable…

  • CVE-2026-35014MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field…