exploitDog

CVE-2024-10087

Опубликовано: 14 апр. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0

Ссылки

https://cert.pl/en/posts/2025/04/CVE-2024-10087
Third Party Advisory
https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softcom.wroc:iksoris:*:*:*:*:*:*:*:*

Версия до 79.0 (исключая)

EPSS

Процентиль: 14%

0.00046

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-j848-rv24-jm27

CVSS3: 5.4

github

10 месяцев назад

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0

EPSS

Процентиль: 14%

0.00046

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79