CVE-2026-35011
Reflected XSS in Open ISES Tickets via opena.php
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: VulnCheck
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35011 is a reflected cross-site scripting (XSS) vulnerability found in Open ISES Tickets versions before 3.44.2, specifically in the opena.php file.
The vulnerability occurs because the frm_call GET parameter does not properly sanitize user input, allowing an authenticated attacker to inject arbitrary JavaScript code.
An attacker can craft a malicious URL containing a JavaScript payload in the frm_call parameter. When a victim visits this URL, the injected script executes in their browser.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this reflected cross-site scripting (XSS) vulnerability in Open ISES Tickets affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary JavaScript in the context of a victim's browser when they visit a maliciously crafted URL.
Such execution can lead to theft of sensitive information, session hijacking, or performing actions on behalf of the victim within the affected application.
Because the attacker must be authenticated, the impact is limited to users with access, but it still poses a medium severity risk as indicated by the CVSS score of 5.1.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying attempts to exploit the reflected XSS in the opena.php file via the frm_call GET parameter.
You can monitor web server logs for suspicious URLs containing the frm_call parameter with JavaScript payloads.
- Use grep or similar tools to search for 'opena.php' requests with 'frm_call=' in your web server access logs, for example: grep 'opena.php' /var/log/apache2/access.log | grep 'frm_call='
- Look for suspicious JavaScript code patterns in the frm_call parameter, such as '<script>', 'javascript:', or encoded payloads.
- Use web vulnerability scanners or automated tools that can test for reflected XSS vulnerabilities by sending crafted requests to opena.php with various payloads in frm_call.
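The log check described above, written out as an added example (this is not code from the advisory or from the Open ISES Tickets project): it parses Apache combined-format access log lines, keeps only requests to opena.php, URL-decodes the frm_call value (including double-encoded values that a single grep would miss) and flags the script patterns named in the answer. The log lines, client addresses and usernames are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache combined-format lines (not real traffic). The user field
# is populated because the advisory says exploitation requires authentication.
SAMPLE_LOG = """\
10.0.0.5 - alice [20/May/2026:10:01:02 +0000] "GET /opena.php?id=42&frm_call=ticket_view HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - bob [20/May/2026:10:02:15 +0000] "GET /opena.php?frm_call=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 614 "-" "Mozilla/5.0"
10.0.0.9 - carol [20/May/2026:10:03:40 +0000] "GET /opena.php?frm_call=javascript%3Aalert(1) HTTP/1.1" 200 600 "-" "Mozilla/5.0"
10.0.0.9 - carol [20/May/2026:10:04:01 +0000] "GET /index.php?frm_call=%3Cscript%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"
10.0.0.11 - dave [20/May/2026:10:05:22 +0000] "GET /opena.php?frm_call=%253Cscript%253E HTTP/1.1" 200 600 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that matter here: client, user, time, request target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Patterns named in the advisory (script tags, javascript: URLs) plus inline
# event handlers; tune this if frm_call legitimately carries markup in your deployment.
SUSPICIOUS = re.compile(r'<\s*/?\s*script|javascript\s*:|\bon\w+\s*=', re.I)

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) are unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_frm_call_xss(log_text):
    """Return one record per request to opena.php whose frm_call value looks like script."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        url = urlsplit(m.group('target'))
        if not url.path.endswith('/opena.php'):
            continue  # only the vulnerable endpoint is of interest
        # parse_qs already removes one layer of encoding; decode_fully handles the rest
        for raw in parse_qs(url.query, keep_blank_values=True).get('frm_call', []):
            decoded = decode_fully(raw)
            if SUSPICIOUS.search(decoded):
                hits.append({'ip': m.group('ip'), 'user': m.group('user'),
                             'ts': m.group('ts'), 'frm_call': decoded})
    return hits
```

Run find_frm_call_xss over a real access log read from disk; each hit carries the authenticated username and timestamp, which is what an investigation of this authenticated-only issue needs first.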
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Open ISES Tickets to version 3.44.2 or later, where the issue has been patched.
Until the upgrade can be applied, restrict access to the vulnerable opena.php endpoint to trusted users only, as exploitation requires authentication.
Additionally, implement web application firewall (WAF) rules to detect and block requests containing suspicious scripts or payloads in the frm_call parameter.
Educate users to avoid clicking on suspicious URLs that may contain malicious frm_call parameters.