CVE-2024-49707 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes the script to run in user's context. This...

CVE-2024-49706

The CVE-2024-49706 entry concerns Internet Starter, a module of the SoftCOM iKSORIS system. The vulnerability is an Open Redirect caused by including base64-encoded URLs in the target parameter of a POST request to a specific endpoint. The underlying component exposed to this issue is the handlin...

CVE-2024-49705 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise DoS attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...

CVE-2024-49705 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise DoS attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...

CVE-2024-13598 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run th...

CVE-2024-13597 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form sent to login panel at /softcom/ with a malicious script, what causes the script to run in user's context. This vulnerability ha...

CVE-2024-13597

Technical details for CVE-2024-13597 are not publicly available in the provided documents. Monitor for updates from official sources; current materials only mention a Reflected XSS in Internet Starter and patch in v79.0.

CVE-2024-13597 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form sent to login panel at /softcom/ with a malicious script, what causes the script to run in user's context. This vulnerability ha...

CVE-2024-10090

CVE-2024-10090 affects Internet Starter, a module of SoftCOM iKSORIS. The flaw is a Reflected XSS in the user-creation form, allowing injected scripts to run in the victim’s browser context. The entry provides a standard CVSSv3.1 base score of 6.1 (MEDIUM) with network attack vector, no privilege...

CVE-2024-10090 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been...

CVE-2024-10090 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been...

CVE-2024-10088 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a login form with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in...

CVE-2024-10087

CVE-2024-10087 concerns the Internet Starter module of SoftCOM iKSORIS, which is vulnerable to a Reflected XSS attack. The issue arises when a crafted link containing malicious script is embedded in references to other resources, causing the script to execute in the user’s context. The CVSS metri...

CVE-2024-10087 XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context...

PT-2025-16233 · Softcom · Softcom Iksoris Internet Starter

Name of the Vulnerable Software and Affected Versions: SoftCOM iKSORIS Internet Starter versions prior to 79.0 Description: The issue concerns a Stored XSS Cross-site Scripting attack. An attacker can trick a user into filling a form designed for setting delivery address with a malicious script,...

SoftCOM iKSORIS 跨站脚本漏洞

SoftCOM iKSORIS is an application from SoftCOM, Inc. A cross-site scripting vulnerability exists in SoftCOM iKSORIS versions prior to 79.0 that stems from a stored cross-site scripting attack that could lead to malicious script execution...

PT-2025-16228 · Softcom · Softcom Iksoris Internet Starter

Name of the Vulnerable Software and Affected Versions: SoftCOM iKSORIS Internet Starter versions prior to 79.0 Description: The issue is related to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, whi...

SoftCOM iKSORIS 跨站脚本漏洞

SoftCOM iKSORIS is an application from SoftCOM, Inc. A cross-site scripting vulnerability exists in SoftCOM iKSORIS versions prior to 79.0 that stems from a stored cross-site scripting attack that could lead to malicious script execution...

SoftCOM iKSORIS 跨站脚本漏洞

SoftCOM iKSORIS is an application from SoftCOM, Inc. A cross-site scripting vulnerability exists in SoftCOM iKSORIS versions prior to 79.0, which stems from a reflective cross-site scripting attack that could lead to malicious script execution...

SoftCOM iKSORIS 跨站脚本漏洞

SoftCOM iKSORIS is an application from SoftCOM, Inc. A cross-site scripting vulnerability exists in SoftCOM iKSORIS versions prior to 79.0, which stems from a reflective cross-site scripting attack that could lead to malicious script execution...