CVE-2024-10089

Medium CVSS: 5.1

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script, what causes the script to run in user's context.
This vulnerability has been patched in version 79.0

Vendor

Softcom.wroc

Product

Iksoris

CWE

CWE-79

Yayın Tarihi

2025-04-14 12:15:14

Güncelleme

2025-10-28 17:12:14

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-79 Iksoris MEDIUM Softcom.wroc 2025

Referanslar

https://cert.pl/en/posts/2025/04/CVE-2024-10087 https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html

Benzer Kayıtlar

Medium

CVE-2024-49705

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. A…

Medium

CVE-2024-49706

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 enco…

Medium

CVE-2024-49707

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks.…

Medium

CVE-2024-49708

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An…

Low

CVE-2024-49709

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attack…

Medium

CVE-2024-13598

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks.…