CVE-2024-13598

Internet Starter, one of SoftCOM iKSORIS system modules, is  vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run the code in their'scontext.
This vulnerability has been patched in version 79.0
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
CERT-PLCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Common Weakness Enumeration
References
https://cert.pl/en/posts/2025/04/CVE-2024-10087
https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html