Vulnerabilities in SoftCOM iKSORIS software

CERT Polska disclosed a coordinated set of vulnerabilities in the Internet Starter module of SoftCOM iKSORIS (multiple CVEs), including several reflected and stored XSS flaws, an open redirect, an uncaught-exception client-side DoS, and session-fixation/arbitrary-session-cookie weaknesses that could enable account takeover; all issues were reported by Paweł Zdunek (Afine Team) and patched in iKSORIS version 79.0.