CVE-2026-35011

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm_call GET parameter directly into page output. Attackers can craft a malicious URL containing a JavaScript payload in the frm_call parameter that executes in the victim's browser when the URL is visited.
Configurations

No configuration.

History

20 May 2026, 20:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-05-20 20:16

Updated : 2026-07-14 21:16


NVD link : CVE-2026-35011

Mitre link : CVE-2026-35011

CVE.ORG link : CVE-2026-35011


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')