CVE-2024-13598

Name of the Vulnerable Software and Affected Versions: SoftCOM iKSORIS Internet Starter versions prior to 79.0

Description: The issue is related to Reflected XSS (Cross-site Scripting) attacks. It occurs when a user creates new form fields, which can introduce new parameters vulnerable to XSS attacks. If a user is tricked into filling such a form with a malicious script, the code will be executed in their context.

Recommendations: For versions prior to 79.0, update to version 79.0 to resolve the issue. As a temporary workaround, consider restricting the use of the functionality that allows creating new form fields to minimize the risk of exploitation. Avoid using this functionality until the issue is resolved by updating to the patched version.