A vulnerability, which was classified as problematic , was found in openises Tickets up to 3.44.1 . The affected element is an unknown function of the file db_loader.php . The manipulation of the argument ticketshost/ticketsdb/ticketsuser/ticketspassword/ticketsprefix/db_schema results in cross site scripting. This vulnerability is reported as CVE-2026-48216 . The attack can be launched remotely. No exploit exists. You should upgrade the affected component.