A vulnerability categorized as problematic has been discovered in openises tickets up to 3.44.1 . This affects an unknown part of the file do_unit_mail.php of the component URL Handler . Executing a manipulation of the argument the_ticket can lead to cross site scripting. This vulnerability is registered as CVE-2026-35015 . It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.