A vulnerability was found in openises Tickets up to 3.44.1 and classified as problematic . Affected by this vulnerability is an unknown functionality of the file patient_w.php of the component Request Handler . Executing a manipulation of the argument id/ticket_id can lead to cross site scripting. This vulnerability appears as CVE-2026-48228 . The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.