CVE-2026-35014
Reflected XSS in Open ISES Tickets
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openises | tickets | up to 3.44.2 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35014 is a reflected cross-site scripting (XSS) vulnerability found in Open ISES Tickets versions before 3.44.2, specifically in the routes_nm.php file.
The vulnerability occurs because the ticket_id GET parameter is not properly sanitized before being embedded directly into a hidden input field's VALUE attribute on a webpage.
An attacker can craft a URL whose ticket_id parameter contains script markup; because the value is reflected unescaped into the page, the injected script runs in the browser of any victim who opens that URL.
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary JavaScript in the context of a victim's browser session when they visit a maliciously crafted URL.
Such execution can lead to theft of sensitive information like session cookies, user credentials, or other data accessible via the browser.
It can also enable attackers to perform actions on behalf of the user, manipulate webpage content, or redirect users to malicious sites.
Overall, it poses a medium severity risk that can compromise user security and trust.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection focuses on identifying exploitation attempts against the ticket_id GET parameter of routes_nm.php. Since a legitimate ticket_id is a plain numeric value, monitoring web server logs for requests in which this parameter carries script markup or encoded payloads is a practical approach.
- Use web server log analysis tools or commands like grep to list requests carrying the parameter, for example: `grep -i 'ticket_id=' /var/log/apache2/access.log`
- Look for URL patterns that include JavaScript code or encoded payloads in the ticket_id parameter.
- Use web vulnerability scanners that can test for reflected XSS vulnerabilities by injecting payloads into the ticket_id parameter.
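A log-scanning script for the detection approach described above. It is an added example, not part of the advisory or of the Open ISES project, and the log lines are constructed samples. It generalises the grep suggestion: rather than matching particular payload strings, it flags every routes_nm.php request whose ticket_id, after percent-decoding (including double encoding), is not a plain integer.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample Apache combined-log lines (not real traffic): a normal request,
# two tampered ticket_id values (one double-encoded) and a request to another script.
SAMPLE_LOG = """\
10.0.0.5 - - [20/May/2026:10:01:02 +0000] "GET /routes_nm.php?ticket_id=1234 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.9 - - [20/May/2026:10:02:15 +0000] "GET /routes_nm.php?ticket_id=12%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 844 "-" "curl/8.0"
10.0.0.9 - - [20/May/2026:10:02:40 +0000] "GET /routes_nm.php?ticket_id=%2531%2522 HTTP/1.1" 200 830 "-" "curl/8.0"
10.0.0.7 - - [20/May/2026:10:03:01 +0000] "GET /index.php?ticket_id=abc HTTP/1.1" 200 500 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method and request target of a common/combined log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

def fully_decode(value, max_rounds=3):
    """Undo percent-encoding repeatedly so double-encoded values normalise too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_ticket_ids(log_text):
    """Return (ip, timestamp, decoded_value) for each request to routes_nm.php
    whose ticket_id is not a plain non-negative integer. The parameter only ever
    carries a numeric ticket number, so the check does not depend on recognising
    any particular payload: anything non-numeric is anomalous."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/routes_nm.php"):
            continue
        # Walk the raw query ourselves (parse_qs would decode only once).
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if unquote_plus(key) != "ticket_id":
                continue
            value = fully_decode(raw)
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((m.group("ip"), m.group("ts"), value))
    return hits

if __name__ == "__main__":
    for ip, ts, value in find_suspicious_ticket_ids(SAMPLE_LOG):
        print(f"{ts} {ip} ticket_id={value!r}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; a hit is a request worth correlating with the patched version's 3.44.2 upgrade status rather than a confirmed compromise.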
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Open ISES Tickets to version 3.44.2 or later, where the reflected XSS vulnerability in routes_nm.php has been patched.
The patch sanitizes the ticket_id parameter using functions like intval() (so only an integer reaches the page) and htmlspecialchars() (so any remaining characters are escaped before being placed in the VALUE attribute), preventing injection of malicious JavaScript.
If upgrading immediately is not possible, consider implementing input validation and sanitization on the ticket_id parameter at the web server or application firewall level to block suspicious payloads.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability is a reflected cross-site scripting (XSS) issue that allows attackers to inject arbitrary JavaScript into the application, potentially leading to unauthorized actions or data exposure in the victim's browser.
Such vulnerabilities can impact compliance with standards like GDPR and HIPAA because they may lead to unauthorized access or disclosure of personal or sensitive data through client-side attacks.
However, the provided information does not explicitly discuss the direct impact of this vulnerability on compliance with these regulations or any specific compliance risks.