CVE-2026-48225
Deferred Deferred - Pending Action
Reflected XSS in Open ISES Tickets via landb.php

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: VulnCheck

Description
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the _type POST parameter directly into an HTML form hidden input value attribute. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-05-22
AI Q&A
2026-05-21
EPSS Evaluated
N/A
NVD
CVE-2026-48225
EUVD
EUVD-2026-31304
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-48225 is a reflected cross-site scripting (XSS) vulnerability found in Open ISES Tickets versions before 3.44.2, specifically in the landb.php file.

This vulnerability occurs because the _type POST parameter is not properly sanitized before being embedded directly into an HTML form's hidden input value attribute.

An authenticated attacker can exploit this by injecting arbitrary JavaScript code through the _type parameter, which then executes in the victim's browser when the response is rendered.


How can this vulnerability impact me? :

This vulnerability can allow attackers to execute malicious JavaScript in the context of a victim's browser session.

  • Steal sensitive information such as session cookies or authentication tokens.
  • Perform actions on behalf of the victim user without their consent.
  • Potentially redirect users to malicious websites or display fraudulent content.

Since the attacker must be authenticated, the impact is limited to users with valid access, but it still poses a significant risk to user data and application integrity.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP POST requests to the landb.php file, specifically looking for the _type parameter containing suspicious or malicious JavaScript payloads.

You can use network traffic inspection tools or web application scanners to identify reflected XSS attempts targeting this parameter.

  • Use curl to send a crafted POST request to test for vulnerability: curl -X POST -d "_type=<script>alert(1)</script>" https://your-target-domain/landb.php -v
  • Use grep or similar tools on web server logs to search for suspicious _type parameter values containing script tags.
  • Employ web vulnerability scanners that support detection of reflected XSS vulnerabilities, targeting the landb.php endpoint.

What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade Open ISES Tickets to version 3.44.2 or later, where the issue has been fixed.

Until the upgrade can be applied, restrict access to the affected landb.php endpoint to trusted authenticated users only.

Additionally, implement input validation and sanitization on the _type POST parameter to prevent injection of arbitrary JavaScript.

Consider deploying web application firewalls (WAFs) with rules to detect and block reflected XSS payloads targeting this parameter.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart