|
21
|
8.2 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki…
New
|
CWE-89
SQL Injection
|
CVE-2026-48235
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT sta…
New
|
CWE-89
SQL Injection
|
CVE-2026-48234
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without san…
New
|
CWE-89
SQL Injection
|
CVE-2026-48233
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without…
New
|
CWE-89
SQL Injection
|
CVE-2026-48232
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
7.1 |
HIGH
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers i…
New
|
CWE-89
SQL Injection
|
CVE-2026-48231
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsan…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48230
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48229
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized v…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48228
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized val…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48227
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in os_watch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized va…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48226
|
2026-05-22 03:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
