CVE-2024-49707

Name of the Vulnerable Software and Affected Versions: SoftCOM iKSORIS Internet Starter versions prior to 79.0

Description: The issue concerns a Reflected XSS (Cross-site Scripting) attack. An attacker could trick a user into filling a form designed for resetting the user's password with a malicious script, causing the script to run in the user's context.

Recommendations: For versions prior to 79.0, update to version 79.0 to resolve the issue. As a temporary workaround, consider restricting access to the password reset form until the update is applied. Avoid using the form for resetting user passwords until the issue is resolved.