CVE-2024-49707 MEDIUM

CVE-2024-49707: XSS in iKSORIS

Vendor Softcom
Product iKSORIS
Weakness CWE-79 · XSS
Published April 14, 2025
Last update April 14, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

Internet Starter, one of the SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for resetting the user's password with a malicious script, which causes the script to run in the user's context. This vulnerability has been patched in version 79.0.

Key dates

02 Disclosure timeline

April 14, 2025 CVE published
April 14, 2025 Record updated