1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2024-49708, is a Stored Cross-site Scripting (XSS) vulnerability affecting the "Internet Starter" module of the SoftCOM iKSORIS system. It matters because an attacker can inject malicious scripts into the web application's database through a form (specifically, the one used for setting a delivery address). When other users access the affected web page, the malicious script is delivered to their browsers and executed within their context, potentially leading to session hijacking, data theft, defacement of the website, or redirection to malicious sites.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 5.4, which generally places it at the Medium severity level. The vulnerability was published on 2025-04-14 12:06:31 and last modified on 2025-04-14 12:47:46.
3. Which products, vendors, systems, and versions are affected?
- Vendor: SoftCOM
- System: iKSORIS system
- Product/Module: Internet Starter
- Affected Versions: All versions prior to 79.0 are vulnerable.
4. What is the technical root cause and attack vector?
The technical root cause of this vulnerability is improper input validation and output encoding within the "Internet Starter" module. Specifically, the system fails to adequately sanitize or escape user-supplied data submitted through forms, such as the delivery address form, before storing it and later rendering it back to users.
The attack vector is Stored Cross-site Scripting (XSS). An attacker injects malicious script code into a data input field (e.g., delivery address). This malicious data is then stored persistently by the application. When a legitimate user views a page that displays this stored, unvalidated data, the malicious script is executed in their web browser.
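The root cause described above, shown as an added example (not code from iKSORIS or SoftCOM): a stored delivery address rendered without output encoding, next to the same template with encoding applied at output time. The function names, the record shape and the sample records are assumptions constructed for illustration.

```javascript
// Added example. All names here (escapeHtml, renderAddressUnsafe,
// renderAddressSafe, containsActiveMarkup) are hypothetical, not iKSORIS APIs.

// Encode the five characters that can change the HTML parsing context.
// A single pass avoids double-encoding the '&' of entities it just produced.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// both in element content and inside a quoted attribute.
function renderAddressUnsafe(record) {
  return `<td class="address" title="${record.street}">${record.street}, ${record.city}</td>`;
}

// Hardened pattern: every stored field is encoded when it is written into
// the page, regardless of what validation happened when it was saved.
function renderAddressSafe(record) {
  const street = escapeHtml(record.street);
  const city = escapeHtml(record.city);
  return `<td class="address" title="${street}">${street}, ${city}</td>`;
}

// Constructed sample records standing in for rows of a delivery address table.
const stored = [
  { street: "ul. Długa 5", city: "Kraków" },                    // ordinary data
  { street: "<script>alert(1)</script>", city: "Gdańsk" },      // element-context test input
  { street: '" onmouseover="alert(1)', city: "O'Neill & Sons" } // attribute-context test input
];

// Crude review check: does the rendered HTML contain a literal script tag
// or an event-handler attribute that follows a closing quote?
function containsActiveMarkup(html) {
  return /<script\b|"\s+on\w+=/i.test(html);
}

for (const record of stored) {
  console.log("unsafe:", containsActiveMarkup(renderAddressUnsafe(record)),
              "safe:", containsActiveMarkup(renderAddressSafe(record)));
}
```

The attribute-context record shows why quotes must be encoded as well as angle brackets: stripping only `<` and `>` on input would still leave the `title` attribute breakable.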
5. How can this vulnerability be exploited?
An attacker can exploit this vulnerability by crafting a malicious script (e.g., JavaScript) and submitting it through a form, such as the delivery address form, in the "Internet Starter" module. The system, failing to properly sanitize this input, stores the malicious script. When another user subsequently views a page that retrieves and displays this stored delivery address, the embedded malicious script is executed in their web browser, within the context of the vulnerable application. This execution can lead to various malicious activities without the user's consent.
6. What mitigation steps and patches are available?
The primary mitigation for this vulnerability is to update the SoftCOM iKSORIS system. The vulnerability has been patched in version 79.0 of the "Internet Starter" module. Organizations should upgrade to version 79.0 or a later patched version as soon as possible.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by identifying the version of the "Internet Starter" module running within the SoftCOM iKSORIS system. Any installation running a version older than 79.0 is considered vulnerable to CVE-2024-49708. System administrators should check their installed software versions.
10. What public intelligence references and advisories exist?
- CVE ID: CVE-2024-49708
- CWE ID: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-49708 is Medium, as indicated by its CVSS score of 5.4. Stored XSS vulnerabilities can have significant impacts, including unauthorized access to sensitive information, session hijacking, defacement, and the execution of arbitrary code in the user's browser, potentially compromising user accounts and data integrity.
The urgency level to patch this vulnerability is High. Despite requiring user interaction for the initial injection, the stored nature of the XSS makes it a persistent threat that can affect multiple users over time. Given that a patch (version 79.0) is available, immediate action is recommended to mitigate the risk and protect users from potential exploitation.