CVE-2024-10087

MEDIUM

5.4

Description

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0

CVE Details

CVSS v3.1 Score5.4

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionREQUIRED

Published4/14/2025

Last Modified10/28/2025

Sourcenvd

Honeypot Sightings0

Affected Products

softcom.wroc:iksoris

Weaknesses (CWE)

CWE-79

References

https://cert.pl/en/posts/2025/04/CVE-2024-10087(cvd@cert.pl)

https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html(cvd@cert.pl)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.