|
1521
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into…
|
CWE-89
SQL Injection
|
CVE-2026-48236
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1522
|
8.2 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki…
|
CWE-89
SQL Injection
|
CVE-2026-48235
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1523
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT sta…
|
CWE-89
SQL Injection
|
CVE-2026-48234
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1524
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without san…
|
CWE-89
SQL Injection
|
CVE-2026-48233
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1525
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without…
|
CWE-89
SQL Injection
|
CVE-2026-48232
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1526
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers i…
|
CWE-89
SQL Injection
|
CVE-2026-48231
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1527
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsan…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48230
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1528
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48229
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1529
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48228
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1530
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48227
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
