nvd-json-data-feeds/CVE-2024/CVE-2024-100xx/CVE-2024-10089.json

{
  "id": "CVE-2024-10089",
  "sourceIdentifier": "cvd@cert.pl",
  "published": "2025-04-14T12:15:14.403",
  "lastModified": "2025-04-15T18:39:27.967",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script, what causes the script to run in user's context.\u00a0\nThis vulnerability has been patched in version 79.0"
    },
    {
      "lang": "es",
      "value": "Internet Starter, uno de los m\u00f3dulos del sistema SoftCOM iKSORIS, es vulnerable a ataques XSS almacenado (Cross-site Scripting). Un atacante podr\u00eda enga\u00f1ar a un usuario para que rellene un formulario dise\u00f1ado para modificar sus datos con un script malicioso, lo que provoca que el script se ejecute en el contexto del usuario. Esta vulnerabilidad ha sido corregida en la versi\u00f3n 79.0."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "cvd@cert.pl",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "ACTIVE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cvd@cert.pl",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://cert.pl/en/posts/2025/04/CVE-2024-10087",
      "source": "cvd@cert.pl"
    },
    {
      "url": "https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html",
      "source": "cvd@cert.pl"
    }
  ]
}