VYPR

Tickets

by Openises

Source repositories

CVEs (47)

  • CVE-2026-35013MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript…

  • CVE-2026-35012MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field…

  • CVE-2026-35011MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_call GET parameter directly into page output. Attackers can…

  • CVE-2026-35010MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a JavaScript variable…

  • CVE-2026-35009MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into a hidden input field VALUE…

  • CVE-2026-35008MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into an HTML attribute. Attackers…

  • CVE-2026-35007MedMay 20, 2026
    risk 0.23cvss 4.6epss 0.00

    Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id GET parameter directly into an HTML attribute. Attackers…

Page 3 of 3