Reflected Cross-Site Scripting Vulnerability in Open ISES Tickets by Open ISES
CVE-2026-35011
5.1MEDIUM
What is CVE-2026-35011?
Open ISES Tickets versions before 3.44.2 are susceptible to a reflected cross-site scripting vulnerability in the opena.php file. This vulnerability enables authenticated attackers to inject arbitrary JavaScript into the page output by exploiting an unsanitized GET parameter, frm_call. By crafting a malicious URL that includes a JavaScript payload within this parameter, attackers can execute harmful scripts in the victims' browsers upon visiting the modified URL, thus compromising user security.
Affected Version(s)
tickets 0