CVE-2026-35008
Reflected XSS in Open ISES Tickets via ticket_id Parameter
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Open ISES Tickets to version 3.44.2 or later, where the reflected XSS issue in single.php has been patched.
Until the upgrade can be applied, consider implementing input validation or sanitization on the ticket_id parameter to prevent injection of malicious JavaScript.
Additionally, applying web application firewall (WAF) rules to block requests containing suspicious script tags in the ticket_id parameter can help reduce risk.
Can you explain this vulnerability to me?
CVE-2026-35008 is a reflected cross-site scripting (XSS) vulnerability found in Open ISES Tickets versions before 3.44.2, specifically in the single.php file.
This vulnerability allows authenticated attackers to inject arbitrary JavaScript code by manipulating the ticket_id parameter in the URL. The issue occurs because the ticket_id value is passed without proper sanitization into an HTML attribute, enabling attackers to craft malicious URLs that execute JavaScript in the victim's browser when visited.
How can this vulnerability impact me? :
This vulnerability can impact users by allowing attackers to execute arbitrary JavaScript in their browsers when they visit a maliciously crafted URL.
Such execution can lead to unauthorized actions performed on behalf of the user, theft of sensitive information like session tokens, or other malicious activities within the context of the affected web application.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for reflected cross-site scripting (XSS) attempts involving the ticket_id parameter in URLs accessing the single.php file of Open ISES Tickets versions before 3.44.2.
One way to detect exploitation attempts is to monitor web server logs for suspicious URLs containing JavaScript payloads in the ticket_id GET parameter.
For example, you can use commands like the following to search your web server access logs for potential XSS payloads:
- grep -i 'single.php' /var/log/apache2/access.log | grep -E 'ticket_id=.*<script>'
- grep -i 'single.php' /var/log/nginx/access.log | grep -E 'ticket_id=.*%3Cscript%3E'
Additionally, using web vulnerability scanners that test for reflected XSS on the ticket_id parameter can help identify the vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this reflected cross-site scripting (XSS) vulnerability in Open ISES Tickets affects compliance with common standards and regulations such as GDPR or HIPAA.