Vulnerability Description
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix, db_schema) directly into HTML form input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2d
- https://github.com/openises/tickets/releases/tag/v3.44.2
- https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-db-load
FAQ
What is CVE-2026-48216?
CVE-2026-48216 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va...
How severe is CVE-2026-48216?
CVE-2026-48216 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-48216?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.