CVE-2024-49708

Name of the Vulnerable Software and Affected Versions: SoftCOM iKSORIS Internet Starter versions prior to 79.0

Description: The issue concerns a Stored XSS (Cross-site Scripting) attack. An attacker can trick a user into filling a form designed for setting delivery address with a malicious script, causing the script to run in the user's context.

Recommendations: For versions prior to 79.0, update to version 79.0 to resolve the issue. As a temporary workaround, consider restricting access to the form designed for setting delivery address to minimize the risk of exploitation.