What is GHSA-88c4-3w29-68r3?

GHSA-88c4-3w29-68r3 is a security advisory published by GitHub Security Advisories with Medium severity. Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in...

Which CVE IDs does GHSA-88c4-3w29-68r3 cover?

GHSA-88c4-3w29-68r3 covers the following CVE IDs: CVE-2026-48230. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-88c4-3w29-68r3?

GHSA-88c4-3w29-68r3 has a CVSS v3 base score of 5.4, published by GitHub Security Advisories.

GHSA-88c4-3w29-68r3MediumCVSS 5.4

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in...

Vendor

GitHub Security Advisories

Published

May 21, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-48230 →

📋 Description

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters (mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix, ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix) directly into HTML form hidden input value attributes. Attackers can craft a malicious request containing a JavaScript payload that executes in the victim's browser when the response is rendered.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-48230
https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff
https://github.com/openises/tickets/releases/tag/v3.44.2
https://www.vulncheck.com/advisories/open-ises-tickets-reflected-xss-via-ticketsmdb-import-php-multiple-parameters
https://github.com/advisories/GHSA-88c4-3w29-68r3