exploitDog

CVE-2024-13598

Опубликовано: 14 апр. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run the code in their's context. This vulnerability has been patched in version 79.0

Ссылки

https://cert.pl/en/posts/2025/04/CVE-2024-10087
Third Party Advisory
https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softcom.wroc:iksoris:*:*:*:*:*:*:*:*

Версия до 79.0 (исключая)

EPSS

Процентиль: 14%

0.00046

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-vrc8-xx22-hwgx

CVSS3: 6.1

github

10 месяцев назад

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run the code in their's context. This vulnerability has been patched in version 79.0

EPSS

Процентиль: 14%

0.00046

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79