SoftCOM iKSORIS Internet Starter Module Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Internet Starter module of the SoftCOM iKSORIS system, affecting all versions prior to 79.0. This vulnerability allows an attacker to inject malicious scripts into form fields, which are then executed in the context of the user. The issue arises from improper neutralization of input during web page generation, enabling the execution of scripts in the user's session.
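The root cause named above, improper neutralization of input during web page generation, is shown here as an added example (not iKSORIS code and not from the vendor): a submitted form field echoed back without encoding, the same field with output encoding, and a canary check that can serve as a regression test. All function names, the `email` field name and the canary string are hypothetical.

```javascript
// Added illustration; hypothetical names, not taken from the iKSORIS code base.

// Characters that are significant in HTML text and in quoted attributes.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for placement in HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the submitted value is concatenated into the page as-is, so any
// markup it contains becomes part of the generated document.
function renderFieldUnsafe(name, submitted) {
  return `<label>${name}</label><input name="${name}" value="${submitted}">` +
         `<p class="echo">You entered: ${submitted}</p>`;
}

// "After": every dynamic value is encoded at the point of output, in both the
// attribute context and the text context.
function renderFieldSafe(name, submitted) {
  const n = escapeHtml(name);
  const v = escapeHtml(submitted);
  return `<label>${n}</label><input name="${n}" value="${v}">` +
         `<p class="echo">You entered: ${v}</p>`;
}

// Regression check: submit a harmless marker made of markup-significant
// characters and report whether the page reflects it unencoded.
function reflectsRaw(render, marker) {
  return render('email', marker).includes(marker);
}

// Constructed test marker: inert text, but it only survives intact when the
// renderer performs no output encoding.
const CANARY = `xss-canary"'<>`;

console.log('unsafe renderer reflects raw input:', reflectsRaw(renderFieldUnsafe, CANARY));
console.log('safe renderer reflects raw input:  ', reflectsRaw(renderFieldSafe, CANARY));
```

The same canary check can be run against a deployed form after upgrading, by submitting the marker and searching the response body for its unencoded form.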

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user, potentially leading to unauthorized actions or data exposure.

Reproduction

To reproduce this vulnerability, create a new form field that accepts parameters. Once the field is created, fill it with a malicious script. When the form is submitted, the script will execute in the context of the user.

Remediation

Users can update to SoftCOM iKSORIS version 79.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.7
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.