A vulnerability has been found in openises tickets up to 3.44.1 and classified as problematic . This affects an unknown function of the file opena.php of the component URL Handler . The manipulation of the argument frm_call leads to cross site scripting. This vulnerability is referenced as CVE-2026-35011 . Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.