Reflected XSS Vulnerability in Open ISES Tickets by OpenISES
CVE-2026-48230

5.1 MEDIUM

Key Information:

Vendor: Open Ises

Status
Vendor
CVE Published: 21 May 2026

What is CVE-2026-48230?

Open ISES Tickets prior to version 3.44.2 contains a reflected cross-site scripting (XSS) vulnerability in the ticketsmdb_import.php file. An authenticated user can submit crafted input through multiple unsanitized POST parameters, and that input is reflected into the web application's response as arbitrary JavaScript. When the response is rendered in a victim's browser, the injected JavaScript executes, potentially compromising the security and privacy of affected users. Users and administrators of Open ISES Tickets should upgrade to the latest version to mitigate this threat.

Affected Version(s)

Tickets 0 < 3.44.2

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
