CVE-2026-35012
Reflected XSS in Open ISES Tickets Before 3.44.2
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a reflected cross-site scripting (XSS) flaw that allows authenticated attackers to inject arbitrary JavaScript code, potentially leading to unauthorized actions or data exposure in the victim's browser.
Such vulnerabilities can impact compliance with standards like GDPR and HIPAA because they may lead to unauthorized access or disclosure of personal or sensitive information through client-side attacks.
Failure to address this vulnerability could result in non-compliance with data protection requirements that mandate safeguarding user data and preventing security breaches.
Can you explain this vulnerability to me?
CVE-2026-35012 is a reflected cross-site scripting (XSS) vulnerability found in Open ISES Tickets versions before 3.44.2, specifically in the add_facnote.php file.
This vulnerability allows authenticated attackers to inject arbitrary JavaScript code by manipulating the ticket_id parameter in a URL.
The issue arises because the ticket_id parameter is not properly sanitized and is directly embedded into a hidden input field's VALUE attribute, causing the malicious script to execute in the victim's browser when the crafted URL is visited.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary JavaScript in the context of the victim's browser session.
Potential impacts include theft of session cookies, defacement of the web page, redirection to malicious sites, or performing actions on behalf of the victim.
Since the attacker must be authenticated, the risk is somewhat limited to users with access, but it still poses a medium severity threat with a CVSS score of 5.1.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for reflected cross-site scripting (XSS) attempts involving the ticket_id parameter in the add_facnote.php file of Open ISES Tickets versions before 3.44.2.
One way to detect it is to monitor HTTP requests to add_facnote.php and look for suspicious or malicious JavaScript payloads embedded in the ticket_id GET parameter.
For example, you can use network monitoring tools or web server logs to search for requests containing script tags or JavaScript code in the ticket_id parameter.
- Use grep on web server logs to find suspicious ticket_id parameters: grep -i 'ticket_id=.*<script' /path/to/access.log
- Use curl to test the vulnerability by sending a crafted URL with a JavaScript payload in the ticket_id parameter and observe if the payload is reflected: curl -i 'http://yourserver/add_facnote.php?ticket_id=<script>alert(1)</script>'
- Use automated web vulnerability scanners that support reflected XSS detection on the affected URL.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Open ISES Tickets to version 3.44.2 or later, where the reflected XSS issue in add_facnote.php has been patched.
Until the upgrade can be performed, restrict access to the affected add_facnote.php page to trusted authenticated users only, and consider implementing web application firewall (WAF) rules to block requests containing suspicious script payloads in the ticket_id parameter.
Additionally, educate users to avoid clicking on suspicious URLs that may contain malicious ticket_id parameters.