CVE-2024-10087

MEDIUM

5.4

Description

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0

Details CVE

Score CVSS v3.15.4

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurREQUIRED

Publie4/14/2025

Derniere modification10/28/2025

Sourcenvd

Observations honeypot0

Produits affectes

softcom.wroc:iksoris

Faiblesses (CWE)

CWE-79

References

https://cert.pl/en/posts/2025/04/CVE-2024-10087(cvd@cert.pl)

https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html(cvd@cert.pl)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.