PT-2025-16229 · Softcom · Softcom Iksoris
Paweł Zdunek
·
Published
2025-04-14
·
Updated
2025-04-14
·
CVE-2024-13597
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
SoftCOM iKSORIS versions prior to 79.0
Description:
The issue is related to a Reflected XSS (Cross-site Scripting) attack. An attacker can trick a user into filling a form sent to the login panel at "/softcom/" with a malicious script, causing the script to run in the user's context.
Recommendations:
For versions prior to 79.0, update to version 79.0 to resolve the issue. As a temporary workaround, consider restricting access to the "/softcom/" endpoint to minimize the risk of exploitation. Avoid using the login panel until the issue is resolved.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Softcom Iksoris