Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-49706

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0

Published

2025-04-14T12:15:15.280

Last Modified

2025-10-28T17:10:03.333

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	softcom.wroc	iksoris	< 79.0	Yes

References

https://cert.pl/en/posts/2025/04/CVE-2024-10087 Third Party Advisory ([email protected])
https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html Product ([email protected])