Vulnerability Details CVE-2024-49705
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually.
Similar effect might be achieved when a user tries to change platform language to an unimplemented one.
This vulnerability has been patched in version 79.0
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.4%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-49705
-
cpe:2.3:a:softcom.wroc:iksoris:-