CVE-2024-10087

Medium CVSS: 5.3

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times.
This vulnerability has been patched in version 79.0

Vendor

Softcom.wroc

Product

Iksoris

CWE

CWE-79

Yayın Tarihi

2025-04-14 12:15:13

Güncelleme

2025-10-28 16:52:58

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-79 Iksoris MEDIUM Softcom.wroc 2025

Referanslar

https://cert.pl/en/posts/2025/04/CVE-2024-10087 https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html

Benzer Kayıtlar

Medium

CVE-2024-49705

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. A…

Medium

CVE-2024-49706

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 enco…

Medium

CVE-2024-49707

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks.…

Medium

CVE-2024-49708

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An…

Low

CVE-2024-49709

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attack…

Medium

CVE-2024-13598

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks.…