CVE-2024-10088

Sažetak

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0

Reference

https://cert.pl/en/posts/2025/04/CVE-2024-10087
https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

28-10-2025 - 17:12

Objavljeno

14-04-2025 - 12:15