CVE-2026-48221
Reflected XSS in Open ISES Tickets
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the reflected cross-site scripting (XSS) vulnerability in Open ISES Tickets affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-48221 is a reflected cross-site scripting (XSS) vulnerability found in Open ISES Tickets versions before 3.44.2, specifically in the ics205a.php file.
The vulnerability occurs because the frm_add_str POST parameter is not properly sanitized before being embedded directly into an HTML form's hidden input value attribute.
This allows an authenticated attacker to inject arbitrary JavaScript code that executes in the victim's browser when the server response is rendered.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute malicious JavaScript in the context of a victim's browser session.
Potential impacts include theft of sensitive information such as session cookies, user impersonation, and performing unauthorized actions on behalf of the victim.
Since the attacker must be authenticated, the risk is limited to users with access, but it still poses a significant security threat.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the ics205a.php endpoint for reflected cross-site scripting via the frm_add_str POST parameter. An authenticated user can send a crafted POST request containing a JavaScript payload in the frm_add_str parameter and observe if the payload is reflected unsanitized in the HTML response.
A possible command to test this using curl might be:
- curl -X POST -d "frm_add_str=<script>alert('XSS')</script>" https://target-site/ics205a.php --cookie "session=your_auth_cookie" -v
If the response contains the injected script code without proper sanitization, the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Open ISES Tickets to version 3.44.2 or later, where the vulnerability has been patched.
Until the upgrade can be applied, restrict access to the affected ics205a.php page to trusted authenticated users only, and consider implementing web application firewall (WAF) rules to detect and block suspicious payloads in the frm_add_str POST parameter.