8 matches found
CVE-2024-49705
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise DoS attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...
CVE-2024-49706
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...
CVE-2024-49708
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for setting delivery address with a malicious script, what causes the script to run in user's context. This vulnerability...
CVE-2024-10090
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been...
CVE-2024-13598
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run th...
CVE-2024-49705 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise DoS attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...
CVE-2024-13598
Internet Starter, a module of SoftCOM iKSORIS, is vulnerable to Reflected XSS via the form-field creation feature that adds new parameters. The vulnerability could allow an attacker to execute script in the victim’s browser context when a user submits a crafted form. The issue is addressed in ver...
CVE-2024-13597
Technical details for CVE-2024-13597 are not publicly available in the provided documents. Monitor for updates from official sources; current materials only mention a Reflected XSS in Internet Starter and patch in v79.0.