A vulnerability, which was classified as problematic , was found in openises Tickets up to 3.44.1 . This impacts an unknown function of the file os_watch.php of the component Request Handler . Such manipulation of the argument ref/mode_orig leads to cross site scripting. This vulnerability is documented as CVE-2026-48226 . The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.