CVE-2026-48227
Status: Deferred - Pending Action
Reflected XSS in Open ISES Tickets Patient Portal

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: VulnCheck

Description
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticket_id GET parameters directly into an HTML form action URL. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.
Meta Information
Published: 2026-05-21
Last Modified: 2026-05-21
Generated: 2026-05-22
AI Q&A: 2026-05-21
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade Open ISES Tickets to version 3.44.2 or later, where the issue has been patched.

Until the upgrade can be applied, restrict access to the patient.php page to trusted authenticated users and implement input validation or sanitization on the 'id' and 'ticket_id' parameters to prevent injection of malicious scripts.


Can you explain this vulnerability to me?

Open ISES Tickets versions below 3.44.2 contain a reflected cross-site scripting (XSS) vulnerability in the patient.php file. This vulnerability arises because the 'id' and 'ticket_id' GET parameters are not properly sanitized, allowing authenticated attackers to inject arbitrary JavaScript code.

When a victim accesses a specially crafted URL containing this malicious JavaScript payload, the script executes in their browser as the response is rendered, potentially compromising the victim's session or data.


How can this vulnerability impact me?

This vulnerability can allow attackers to execute malicious JavaScript in the context of a victim's browser session. This can lead to unauthorized actions such as stealing session cookies, hijacking user accounts, or performing actions on behalf of the victim.

Since the attack requires the attacker to be authenticated, it primarily impacts users who have valid access, but it still poses a significant risk of session compromise and unauthorized data access.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying requests to the patient.php file that include the 'id' and 'ticket_id' GET parameters containing suspicious or malicious JavaScript payloads.

You can monitor web server logs or use network traffic inspection tools to look for URLs with these parameters carrying script tags or encoded JavaScript.

  • Use grep or a similar tool on web server logs to find suspicious requests, for example: grep -iE 'patient\.php.*(id|ticket_id)=.*<script' access.log
  • Use curl or wget to test the application by sending crafted requests with JavaScript payloads in the 'id' and 'ticket_id' parameters and observe whether the payload is reflected in the response.
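The grep above only catches a literal `<script` in the raw log line; a payload that was URL-encoded (or double-encoded) by the browser slips past it. The following is an added example, not code from the page or from the Open ISES Tickets project: it parses combined-format access log lines (the sample lines are constructed), decodes the `id` and `ticket_id` values of requests to patient.php, and flags any value that is not a plain numeric identifier and carries HTML or script markers.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format; not taken from any real system.
SAMPLE_LOG = """\
203.0.113.5 - - [21/May/2026:10:00:01 +0000] "GET /patient.php?id=42&ticket_id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [21/May/2026:10:00:05 +0000] "GET /patient.php?id=42&ticket_id=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.9 - - [21/May/2026:10:00:09 +0000] "GET /patient.php?id=javascript:alert(1)&ticket_id=7 HTTP/1.1" 200 640 "-" "Mozilla/5.0"
198.51.100.2 - - [21/May/2026:10:00:12 +0000] "GET /index.php?id=%3Cscript%3E HTTP/1.1" 200 100 "-" "curl/8.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
PARAMS = ("id", "ticket_id")
# Heuristic: characters and tokens that never belong in a numeric ticket or patient id.
SUSPICIOUS = re.compile(r"""[<>"']|javascript:|on\w+\s*=""", re.IGNORECASE)


def suspicious_values(line):
    """Return [(param, decoded_value), ...] for suspicious patient.php parameters."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/patient.php"):
        return []
    hits = []
    qs = parse_qs(parts.query, keep_blank_values=True)
    for name in PARAMS:
        for value in qs.get(name, []):
            # parse_qs decoded once; decode twice more to unmask double-encoded payloads.
            decoded = unquote(unquote(value))
            if not decoded.isdigit() and SUSPICIOUS.search(decoded):
                hits.append((name, decoded))
    return hits


def scan_log(text):
    """Return [(line_number, hits), ...] for every line that carries a suspicious value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = suspicious_values(line)
        if hits:
            findings.append((lineno, hits))
    return findings


if __name__ == "__main__":
    for lineno, hits in scan_log(SAMPLE_LOG):
        for name, value in hits:
            print(f"line {lineno}: {name}={value!r}")
```

Run it against a real access.log by replacing SAMPLE_LOG with the file contents; a hit on a legitimate user's request, rather than on a tester's own traffic, is the signal to look for.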
