CVE-2024-49706

MEDIUM

SoftCOM iKSORIS <79.0 - Open Redirect

Title source: llm

Description

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0

References (2)

Core 2

Core References

Third Party Advisory third-party-advisory

https://cert.pl/en/posts/2025/04/CVE-2024-10087

Product product

https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html

Scores

CVSS v3 6.1

EPSS 0.0029

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

softcom.wroc/iksoris < 79.0

Published Apr 14, 2025

Tracked Since Feb 18, 2026