A vulnerability was found in openises tickets up to 3.44.1 . It has been rated as problematic . Affected by this issue is some unknown functionality of the file routes_nm.php of the component URL Handler . Performing a manipulation of the argument ticket_id results in cross site scripting. This vulnerability is cataloged as CVE-2026-35014 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.