CVE-2026-48226— Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1071 · Application Layer Protocol T1189 · Drive-by CompromiseGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48226
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters
Source: NVD (National Vulnerability Database)
Vulnerability Description
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and mode_orig POST parameters directly into HTML form hidden input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
tickets 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
tickets是Open ISES开源的一款公共安全调度管理与追踪应用。 tickets 3.44.2之前版本存在跨站脚本漏洞,该漏洞源于在os_watch.php中通过ref和mode_orig POST参数传递未清理的值直接注入到HTML表单隐藏输入值属性,可能导致经过身份验证的攻击者注入任意JavaScript,在受害者浏览器中执行反射型跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-48226
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-48226
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-48226 (1)
Vendor Pages for CVE-2026-48226 (1)
Same Patch Batch · Open ISES · 2026-05-21 · 37 CVEs total
| CVE-2026-48235 | 8.2 HIGH | Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker |
| CVE-2026-48241 | 8.1 HIGH | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php |
| CVE-2026-48242 | 8.1 HIGH | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php |
| CVE-2026-48236 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters |
| CVE-2026-48238 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter |
| CVE-2026-48240 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Par |
| CVE-2026-48233 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter |
| CVE-2026-48231 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via tables.php Multiple Parameters |
| CVE-2026-48239 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter |
| CVE-2026-48234 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort and dir Pa |
| CVE-2026-48232 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter |
| CVE-2026-48237 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Par |
| CVE-2026-48246 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php |
| CVE-2026-48249 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.i |
| CVE-2026-48247 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php |
| CVE-2026-48248 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php |
| CVE-2026-48229 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via routes_i.php ticket_id Parameter |
| CVE-2026-48228 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters |
| CVE-2026-48230 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameter |
| CVE-2026-48222 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter |
Showing top 20 of 37 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Tickets
- CVE-2026-48249
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48248
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48247
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48246
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48245
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in
Same vendor: Open ISES
- CVE-2026-48249
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48248
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48247
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48246
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48245
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in
Same weakness: CWE-79
- CVE-2026-9377
SourceCodester SUP Online Shopping productedit.php cross sit - CVE-2026-9357
vBulletin Login cross site scripting - CVE-2018-25349
userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For He - CVE-2026-41147
NukeViet CMS: Stored Cross-Site Scripting (XSS) via insuffic - CVE-2026-40607
MantisBT is Vulnerable to Stored XSS Through its Saved-Filte
V. Comments for CVE-2026-48226
No comments yet