CVE-2024-10087 Information

Description

Internet Starter one of SoftCOM iKSORIS system modules is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script which then gets directly embedded in references to other resources what causes the script to run in user’s context multiple times.  This vulnerability has been patched in version 79.0

Reference

https://cert.pl/en/posts/2025/04/CVE-2024-10087 https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html