13 matches found
EUVD-2024-54537
Malicious code in bioql PyPI...
EUVD-2024-54406
Malicious code in bioql PyPI...
EUVD-2024-54402
Malicious code in bioql PyPI...
EUVD-2024-54404
Malicious code in bioql PyPI...
CVE-2024-10089
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script, what causes the script to run in user's context. This vulnerability has...
CVE-2024-10090
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been...
CVE-2024-10087
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context...
CVE-2024-13597
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form sent to login panel at /softcom/ with a malicious script, what causes the script to run in user's context. This vulnerability ha...
CVE-2024-13598
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run th...
CVE-2024-13598
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run th...
CVE-2024-49708 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for setting delivery address with a malicious script, what causes the script to run in user's context. This vulnerability...
CVE-2024-49707
CVE-2024-49707: Reflected XSS vulnerability in Internet Starter, a module of SoftCOM iKSORIS. An attacker could lure a user into submitting a password-reset form containing malicious script, which would execute in the user’s browser context. Affects Internet Starter component of the iKSORIS syste...
CVE-2024-13598
Internet Starter, a module of SoftCOM iKSORIS, is vulnerable to Reflected XSS via the form-field creation feature that adds new parameters. The vulnerability could allow an attacker to execute script in the victim’s browser context when a user submits a crafted form. The issue is addressed in ver...