CVE-2024-48761

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.

CVSS

No CVSS.

References

Link	Resource
https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761	Exploit Third Party Advisory
https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:celk:celk_saude:3.1.252.1:*:*:*:*:*:*:*

History

23 May 2025, 15:26

Type	Values Removed	Values Added
References	~~() https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761 -~~	() https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761 - Exploit, Third Party Advisory
CPE		cpe:2.3:a:celk:celk_saude:3.1.252.1:::::::*
First Time		Celk celk Saude Celk

18 Mar 2025, 17:15

Type	Values Removed	Values Added
Summary	The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the "erro" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system.	Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.

29 Jan 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-29 22:15

Updated : 2025-05-23 15:26

NVD link : CVE-2024-48761

Mitre link : CVE-2024-48761

JSON object : View

Products Affected

celk

celk_saude

CWE

No CWE.

JSON object

Attach tags to CVE-2024-48761

Attach tags to `CVE-2024-48761`