CVE-2026-35010
Reflected XSS in Open ISES Tickets via ticket_id Parameter
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a reflected cross-site scripting (XSS) flaw in Open ISES Tickets that allows authenticated attackers to inject arbitrary JavaScript code. Such vulnerabilities can potentially lead to unauthorized access to sensitive information or session hijacking, which may impact the confidentiality and integrity of personal data.
Since Open ISES Tickets is related to patient information, this vulnerability could affect compliance with regulations like GDPR and HIPAA that require protection of personal and health data against unauthorized access or disclosure.
However, the provided information does not explicitly state the direct impact on compliance or any regulatory assessments.
Can you explain this vulnerability to me?
CVE-2026-35010 is a reflected cross-site scripting (XSS) vulnerability found in Open ISES Tickets versions before 3.44.2, specifically in the patient_JF.php file.
The vulnerability occurs because the ticket_id GET parameter is not properly sanitized before being assigned directly to a JavaScript variable. This allows an authenticated attacker to inject arbitrary JavaScript code.
An attacker can craft a malicious URL containing a JavaScript payload in the ticket_id parameter, which executes in the victim's browser when the URL is visited.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary JavaScript code in the context of the victim's browser session.
- Steal sensitive information such as session cookies or authentication tokens.
- Perform actions on behalf of the victim user within the application.
- Potentially redirect users to malicious websites or display fraudulent content.
Since the attacker must be authenticated, the impact is limited to users with valid access, but it still poses a medium severity risk as indicated by the CVSS score of 5.1.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying attempts to access the patient_JF.php page with a ticket_id GET parameter containing suspicious or encoded JavaScript payloads. Monitoring web server logs for URLs with the ticket_id parameter that include script tags or JavaScript code is a practical approach.
For example, you can use commands to search web server logs for suspicious ticket_id parameters:
- grep -i 'patient_JF.php' /var/log/apache2/access.log | grep 'ticket_id='
- grep -Eo 'ticket_id=[^&]+' /var/log/apache2/access.log | grep -i '<script\|javascript:'
Additionally, using web vulnerability scanners that detect reflected XSS vulnerabilities on the patient_JF.php endpoint with the ticket_id parameter can help identify exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Open ISES Tickets to version 3.44.2 or later, where the reflected cross-site scripting vulnerability in patient_JF.php has been patched.
Until the upgrade can be applied, consider implementing input validation or sanitization on the ticket_id parameter to prevent injection of arbitrary JavaScript code.
Additionally, restricting access to the affected page to trusted users and monitoring for suspicious activity can help reduce risk.