A vulnerability was found in openises tickets up to 3.44.1 and classified as problematic . This impacts an unknown function of the file add_facnote.php of the component URL Handler . The manipulation of the argument ticket_id results in cross site scripting. This vulnerability is identified as CVE-2026-35012 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.