Reflected Cross-Site Scripting in Open ISES Tickets by Open ISES
CVE-2026-48215

5.1MEDIUM

Key Information:

Vendor

Open Ises

Status
Tickets
Vendor
CVE Published:
21 May 2026

What is CVE-2026-48215?

Open ISES Tickets versions before 3.44.2 are vulnerable to a reflected cross-site scripting flaw in the 'circle.php' file. This vulnerability allows authenticated attackers to inject arbitrary JavaScript into the application. By exploiting this flaw, attackers can send carefully crafted requests containing malicious JavaScript that, once executed in the user's browser, could lead to unauthorized actions. This highlights the necessity of implementing proper input sanitization to prevent such attacks.

Affected Version(s)

Tickets 0 < 3.44.2

References

https://github.com/openises/tickets/releases/tag/v3.44.2
release-notes
https://github.com/openises/tickets/commit/ecfeb406a01676...
patch
https://www.vulncheck.com/advisories/open-ises-tickets-re...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.