CVE-2024-10088
📋 TL;DR
This CVE describes a reflected cross-site scripting (XSS) vulnerability in Internet Starter, a module of the SoftCOM iKSORIS system. An attacker crafts a link (or form submission) to the login form that carries a script payload; the application reflects that input into the response without encoding it, so the script executes in the victim's browser within the iKSORIS site's origin. Organizations running vulnerable versions of the iKSORIS Internet Starter module are affected.
💻 Affected Systems
- SoftCOM iKSORIS Internet Starter module
📦 What is this software?
iKSORIS by SoftCOM: a ticket reservation and sales system (per the vendor page linked below); Internet Starter is its web-facing module.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies (where they are not marked HttpOnly), capture credentials typed into a script-modified login form, or perform actions on behalf of authenticated users, potentially leading to account takeover or data theft.
Likely Case
Attackers would typically send crafted links to iKSORIS users (for example by e-mail) and use the reflected script to steal session cookies or credentials, gaining unauthorized access to the iKSORIS system as those users.
If Mitigated
With context-aware output encoding of every reflected value (and input validation as a second layer), the payload is rendered as inert text rather than executed, so the crafted link does nothing.
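The fix described above in concrete form, as an added illustration that is not iKSORIS code and is not from the advisory: a minimal Python page renderer that reflects a login-form value, first without encoding (the vulnerable pattern) and then with HTML-attribute encoding plus a Content Security Policy header as a backstop. The parameter name username, the form layout, and the 64-character length limit are assumptions.

```python
# Added illustration (not iKSORIS code): a login-page renderer that reflects a
# submitted username, shown in the vulnerable form and in a hardened form.
# The parameter name "username", the form layout and the length limit are assumptions.
import html
import urllib.parse

# Constructed payload of the kind a reflected-XSS probe carries: it closes the
# value="..." attribute and injects a script element.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def probe_query() -> str:
    """Query string as a browser would send it (percent-encoded)."""
    return urllib.parse.urlencode({"username": PAYLOAD})


def render_vulnerable(query_string: str) -> str:
    """Reflects the parameter into HTML with no encoding: the bug class in this CVE."""
    params = urllib.parse.parse_qs(query_string, keep_blank_values=True)
    username = params.get("username", [""])[0]
    return (
        '<form method="post" action="/login">'
        f'<input name="username" value="{username}">'
        '<input type="password" name="password"></form>'
    )


def render_hardened(query_string: str) -> tuple[str, dict]:
    """Encodes the reflected value for the HTML-attribute context and adds a CSP."""
    params = urllib.parse.parse_qs(query_string, keep_blank_values=True)
    username = params.get("username", [""])[0]
    # Input validation shrinks the attack surface but is not what neutralises
    # the payload; the encoding below is. (64-character limit is an assumption.)
    if len(username) > 64:
        username = ""
    # quote=True also encodes " and ' so the value cannot break out of the attribute.
    safe = html.escape(username, quote=True)
    body = (
        '<form method="post" action="/login">'
        f'<input name="username" value="{safe}">'
        '<input type="password" name="password"></form>'
    )
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # No 'unsafe-inline': an injected inline <script> is refused by the browser
        # even if an encoding bug elsewhere lets it into the page.
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"
        ),
    }
    return body, headers


def reflects_script(page: str) -> bool:
    """True if a literal <script> tag survives into the page unencoded."""
    return "<script>" in page


if __name__ == "__main__":
    qs = probe_query()
    print("vulnerable reflects payload:", reflects_script(render_vulnerable(qs)))
    page, hdrs = render_hardened(qs)
    print("hardened reflects payload:", reflects_script(page))
    print(hdrs["Content-Security-Policy"])
```

html.escape is the right encoder only for HTML body and attribute contexts; a value placed inside a script block, a URL, or a CSS rule needs that context's encoder, and the CSP is a backstop rather than a substitute for encoding.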
🎯 Exploit Status
Reflected XSS requires user interaction (the victim must open an attacker-crafted link or submit a crafted form), but once the reflected parameter is identified, exploitation is a single crafted URL and needs no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 79.0
Vendor Advisory: https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.html
Restart Required: Yes
Instructions:
1. Download version 79.0 or later from the vendor.
2. Back up the current installation.
3. Apply the update according to the vendor's instructions.
4. Restart the iKSORIS service or server.
🔧 Temporary Workarounds
Implement WAF rules
Configure the web application firewall to block XSS payloads in URL parameters and form inputs, including percent-encoded and double-encoded forms; treat this as a stopgap, since WAF signatures can be bypassed.
Input validation middleware
Add server-side validation in front of the login form that rejects input containing HTML or script syntax before it can be reflected into a response.
🧯 If You Can't Patch
- Deploy a strict Content Security Policy (CSP) header without 'unsafe-inline' in script-src, so that an injected inline script is refused by the browser even if it is reflected
- Disable or restrict access to the Internet Starter module if not essential
🔍 How to Verify
Check if Vulnerable:
On a non-production instance (or with explicit authorization), submit a harmless marker payload through the login form's parameters and check whether the response reflects it unencoded and whether it executes in the browser
Check Version:
Check the iKSORIS administration panel or configuration files for version information
Verify Fix Applied:
After patching, repeat the same test and confirm the marker is returned HTML-encoded (or rejected) and does not execute
📡 Detection & Monitoring
Log Indicators:
- Script-like patterns (script tags, javascript: URIs, event-handler attributes) in URL parameters or form submissions, usually percent-encoded
- Bursts of login-page requests from one source carrying varied suspicious payloads (scanner behaviour)
Network Indicators:
- HTTP requests to the login page whose query parameters contain script tags or JavaScript, in raw or percent-encoded form
- Outbound requests from users' browsers to unfamiliar domains immediately after a login-page load (possible cookie or credential exfiltration)
SIEM Query (Splunk-style; browsers percent-encode the payload, so match the encoded forms as well as the raw ones, or decode the URL field before matching):
source="web_logs" AND (url="*<script>*" OR url="*%3Cscript%3E*" OR url="*javascript:*" OR url="*javascript%3A*" OR form_data="*<script>*")
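The detection logic above run over sample log lines, as an added example that is not part of the advisory: it parses combined-format access log lines, decodes percent-encoding twice (so double-encoded probes such as %253Cscript%253E are caught), and flags script tags, javascript: URIs, and event-handler attributes in the request URI. The log lines are constructed, the /login path and the handler list are assumptions, and POST bodies are not present in access logs, so form_data matching still has to come from a WAF or application log.

```python
# Added example (not from the advisory or the vendor): flag reflected-XSS probes
# in web-server access logs. The log lines are constructed; the /login path and
# the event-handler list are assumptions.
import re
import urllib.parse
from typing import Optional

# Combined log format: ip - - [time] "METHOD path HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Indicators matched after decoding. The handler list is illustrative; a bare
# "on[a-z]+=" would also match benign parameters such as online=1.
XSS_RE = re.compile(
    r"<\s*script|javascript\s*:|<\s*(svg|img|iframe|object)\b"
    r"|\bon(error|load|mouseover|mouseenter|focus|click)\s*=",
    re.IGNORECASE,
)

# Constructed sample: one benign GET, four probes (plain-encoded, double-encoded,
# javascript: URI, event handler), and a POST whose body the access log cannot show.
SAMPLE_LOGS = [
    '203.0.113.5 - - [10/Nov/2024:10:00:01 +0100] "GET /login?username=alice HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Nov/2024:10:00:07 +0100] "GET /login?username=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Nov/2024:10:01:15 +0100] "GET /login?username=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 640 "-" "curl/8.4.0"',
    '198.51.100.23 - - [10/Nov/2024:10:01:16 +0100] "GET /login?redirect=javascript%3Aalert(1) HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '198.51.100.23 - - [10/Nov/2024:10:01:17 +0100] "GET /login?username=%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 640 "-" "curl/8.4.0"',
    '192.0.2.77 - - [10/Nov/2024:10:02:00 +0100] "POST /login HTTP/1.1" 302 0 "https://tickets.example/login" "Mozilla/5.0"',
]


def classify(line: str) -> Optional[dict]:
    """Return a finding for one log line, or None if it is unparseable or clean."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    once = urllib.parse.unquote_plus(path)    # what the server saw
    twice = urllib.parse.unquote_plus(once)   # catches %25-wrapped payloads
    hit = XSS_RE.search(twice)
    if not hit:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "path": path,
        "indicator": hit.group(0),
        # True when a single decode (or a raw "*<script>*" search) would have missed it.
        "double_encoded": XSS_RE.search(once) is None,
    }


def scan(lines) -> list:
    """Run classify over every line and keep the findings, in log order."""
    return [f for f in (classify(line) for line in lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        flag = " (double-encoded)" if finding["double_encoded"] else ""
        print(f'{finding["ts"]} {finding["ip"]} {finding["indicator"]!r}{flag} {finding["path"]}')
```

Group findings by source IP over a short window to separate a scanner (many distinct payloads from one address) from a single victim clicking one crafted link, which is the case that matters for incident response.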