CVE-2026-48230

216.73.217.22

· Published 21/05/2026 18:16 · Modified 21/05/2026 19:10

Labels: CVE-2026-48230 2026-05-21 CVE-2026-48230 CWE-79 [email protected]

Essential information

Published: 21/05/2026 18:16
Modified: 21/05/2026 19:10
Author: —
Creator: —
CVSS: 5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix, ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix) directly into HTML form hidden input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
open isestickets / open isestickets	`cpe:2.3:a:open_isestickets:open_isestickets::::::::`