CVE-2026-1049

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-1049

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1049.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-1049

Published

2026-01-17T18:15:48.717Z

Modified

2026-03-15T22:49:05.840654Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/ligerosmart/ligerosmart

Affected ranges

Type

GIT

Repo

https://github.com/ligerosmart/ligerosmart

Events

Introduced

Last affected

61dab1b0104eb8501890b4ba69afab3a08f17127

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.26"
        }
    ]
}

Affected versions

6.*

6.1.1

6.1.10

6.1.11

6.1.12

6.1.13

6.1.14

6.1.15

6.1.16

6.1.17

6.1.18

6.1.19

6.1.2

6.1.20

6.1.21

6.1.22

6.1.23

6.1.24

6.1.25

6.1.26

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1049.json"