CVE-2024-10087

MEDIUM

SoftCOM iKSORIS < 79.0 - Reflected Cross-Site Scripting via Malicious Link

Title source: llm
STIX 2.1

Description

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times.  This vulnerability has been patched in version 79.0

References (2)

Core 2

Scores

CVSS v3 5.4
EPSS 0.0021
EPSS Percentile 11.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
softcom.wroc/iksoris < 79.0
Published Apr 14, 2025
Tracked Since Feb 18, 2026