Reflected XSS Vulnerability in Open ISES Tickets by Open ISES
CVE-2026-35007

5.1MEDIUM

Key Information:

Vendor: Openises
Status: Tickets
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-35007?

Open ISES Tickets versions below 3.44.2 are susceptible to a reflected cross-site scripting vulnerability located in single_unit.php. This security flaw allows authenticated attackers to inject arbitrary JavaScript code by manipulating the id GET parameter with unsanitized input. When victims visit a crafted URL containing the malicious payload, the JavaScript executes in their browsers, potentially compromising their session and sensitive information.

Affected Version(s)

tickets 0

References

https://github.com/openises/tickets/releases/tag/v3.44.2

release-notes

https://github.com/openises/tickets/commit/ecfeb406a01676...

patch

https://www.vulncheck.com/advisories/open-ises-tickets-re...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

philopentest

VulnCheck

CVE-2026-35007 Data

JSON

Openises

What is CVE-2026-35007?

Affected Version(s)

References

CVSS V4

Timeline

Credit