A vulnerability, which was classified as problematic , was found in openises tickets up to 3.44.1 . The impacted element is an unknown function of the file patient_JF.php of the component URL Handler . Executing a manipulation of the argument ticket_id can lead to cross site scripting. The identification of this vulnerability is CVE-2026-35010 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.