4 matches found
CVE-2024-48761
CVE-2024-48761 affects Celk Saude v3.1.252.1 and is a reflected XSS vulnerability exploitable via the erro parameter, allowing remote injection of JavaScript. Several connected sources confirm the same issue and describe improper validation/sanitization of the erro input as the root cause. Impact...
CVE-2024-51182
CVE-2024-51182 affects Celk Sistemas Celk Saude v3.1.252.1. The vulnerability is an HTML injection via the erro parameter, enabling a remote attacker to inject arbitrary HTML code and potentially manipulate renderings. CVSS 3.1 base score 6.1 (Network, Privileges None, User Interaction Required; ...
CVE-2024-55198
CVE-2024-55198 affects Celk Sistemas Celk Saude v3.1.252.1. The vulnerability arises from discrepancies in error messages in the password recovery flow, enabling a remote attacker to enumerate existing users. Impact is user enumeration; no additional exploit details or exploitation status are pro...
CVE-2024-55199
CVE-2024-55199 describes a Stored XSS in Celk Sistemas Celk Saude v3.1.252.1. The vulnerability allows an attacker to embed JavaScript inside a PDF uploaded via the file-upload feature; when the PDF is rendered, the script executes in the user’s browser. Affected product/version: Celk Saude v3.1....