PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48214 Open ISES CVE debrief

CVE-2026-48214 is a reflected cross-site scripting vulnerability reported in Open ISES Tickets before version 3.44.2. The issue affects add_nm.php, where an unsanitized ticket_id POST parameter can be reflected into an HTML form input value attribute and an inline JavaScript string literal. An authenticated attacker can cause malicious script to run in a victim’s browser when the crafted response is rendered.

Vendor: Open ISES
Product: Tickets
CVSS: MEDIUM 5.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-21
Original CVE updated: 2026-05-21
Advisory published: 2026-05-21
Advisory updated: 2026-05-21

Who should care

Administrators and developers responsible for Open ISES Tickets deployments, especially environments where authenticated users can access add_nm.php or where browser-based session abuse would be high impact.

Technical summary

The supplied record and referenced advisory indicate CWE-79 reflected XSS in add_nm.php. The vulnerable flow takes attacker-controlled ticket_id input and places it into HTML and inline JavaScript without sufficient encoding or sanitization. Because the browser renders the response in the authenticated user’s session context, the payload can execute with the victim’s privileges. The available evidence points to version 3.44.2 as the fixed release.

Defensive priority

Medium. The flaw requires authentication and user interaction, but it can still expose session data, alter page behavior, or support follow-on actions in the application context. Prioritize if the application is used by privileged staff or handles sensitive tickets.

Recommended defensive actions

  • Upgrade Open ISES Tickets to version 3.44.2 or later.
  • Review add_nm.php and related ticket-handling code for context-appropriate output encoding in HTML attribute and JavaScript string contexts.
  • Treat ticket_id and similar request parameters as untrusted input even after authentication; validate against an allowlist where possible.
  • Add or strengthen Content Security Policy controls to reduce the impact of reflected script execution.
  • Audit browser-facing workflows for other reflected output paths that may reuse the same input handling pattern.
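As an added illustration of the review and encoding actions above (example code written for this debrief, not Open ISES code), the following PHP shows context-specific encoding for a parameter that reaches both an HTML attribute and an inline JavaScript string literal; the function names and the assumption that ticket ids are numeric are ours.

```php
<?php
// Added example, not Open ISES code: the encoding pattern a reviewer would
// look for in add_nm.php. Function names and the numeric-id assumption are ours.
declare(strict_types=1);

// Defect class the advisory describes, stated as the pattern to look for in review:
// $_POST['ticket_id'] echoed straight into a value="..." attribute and into a quoted
// JavaScript literal with no encoding. Each sink needs its own encoder; HTML entity
// encoding alone does not make a value safe inside a JavaScript string.

// Allowlist validation first: a ticket id is assumed to be a short decimal number.
function validate_ticket_id(string $raw): ?int
{
    return preg_match('/^[1-9][0-9]{0,9}$/', $raw) === 1 ? (int) $raw : null;
}

// HTML attribute context: quotes, angle brackets and ampersands become entities.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// JavaScript string context: json_encode yields a quoted, escaped literal; the HEX
// flags also turn <, >, &, ' and " into \uXXXX escapes so the literal cannot close
// the surrounding script element or be reinterpreted as markup.
function js_string(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

// Hardened rendering of both sinks: reject bad input, then encode per context.
function render_ticket_fields(string $raw_ticket_id): string
{
    $id = validate_ticket_id($raw_ticket_id);
    if ($id === null) {
        return '<p>Invalid ticket id.</p>';
    }
    return '<input type="hidden" name="ticket_id" value="' . html_attr((string) $id) . "\">\n"
         . '<script>var ticketId = ' . js_string((string) $id) . ';</script>';
}

// Constructed inputs: a valid id, a rejected one, and a string that exercises both encoders.
echo render_ticket_fields('4821'), "\n";
echo render_ticket_fields('4821abc'), "\n";
echo html_attr('a"b\'<c>&d'), "\n";
echo js_string('a"b\'<c>&d'), "\n";
```

With a numeric allowlist the encoders are defence in depth for this parameter; they matter on their own for any free-text field that reaches the same two contexts.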

Evidence notes

This debrief is based only on the supplied source corpus: the NVD record for CVE-2026-48214, the Vulncheck advisory reference, the upstream commit reference, and the v3.44.2 release tag. The NVD record lists the weakness as CWE-79 and marks the vulnerability status as Deferred. The provided description identifies add_nm.php and the ticket_id POST parameter as the vulnerable path. Published and modified timestamps were both supplied as 2026-05-21 and are used here as the CVE timing context.

Official resources

Source attribution in the supplied data is low-confidence for the vendor field and is marked as needing review. The debrief relies on the NVD record and the referenced Vulncheck advisory material. No exploit steps or weaponized reproduction details