CVE-2024-13598

Medium CVSS: 5.1

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run the code in their's context.
This vulnerability has been patched in version 79.0

Vendor

Softcom.wroc

Product

Iksoris

CWE

CWE-79

Yayın Tarihi

2025-04-14 12:15:14

Güncelleme

2025-10-28 17:11:46

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-79 Iksoris MEDIUM Softcom.wroc 2025

Referanslar

https://cert.pl/en/posts/2025/04/CVE-2024-10087 https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html

Benzer Kayıtlar

Medium

CVE-2024-49705

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. A…

Medium

CVE-2024-49706

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 enco…

Medium

CVE-2024-49707

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks.…

Medium

CVE-2024-49708

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An…

Low

CVE-2024-49709

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attack…

Medium

CVE-2024-10088

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks.…