CVE-2024-10087

MEDIUM

5.4

Descricao

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0

Detalhes CVE

Pontuacao CVSS v3.15.4

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioREQUIRED

Publicado4/14/2025

Ultima modificacao10/28/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

softcom.wroc:iksoris

Fraquezas (CWE)

CWE-79

Referencias

https://cert.pl/en/posts/2025/04/CVE-2024-10087(cvd@cert.pl)

https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html(cvd@cert.pl)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.