CVE-2024-10087

MEDIUM

5.4

Beschreibung

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0

CVE Details

CVSS v3.1 Bewertung5.4

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionREQUIRED

Veroffentlicht4/14/2025

Zuletzt geandert10/28/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

softcom.wroc:iksoris

Schwachen (CWE)

CWE-79

Referenzen

https://cert.pl/en/posts/2025/04/CVE-2024-10087(cvd@cert.pl)

https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html(cvd@cert.pl)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.