CVE-2024-48761

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-48761
Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761 Exploit Third Party Advisory
https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:celk:celk_saude:3.1.252.1:*:*:*:*:*:*:*
History

23 May 2025, 15:26

Type Values Removed Values Added
First Time Celk celk Saude
Celk
CPE cpe:2.3:a:celk:celk_saude:3.1.252.1:*:*:*:*:*:*:*
References () https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761 - () https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761 - Exploit, Third Party Advisory

03 Apr 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 8.8
CWE CWE-77 CWE-79

18 Mar 2025, 17:15

Type Values Removed Values Added
Summary (en) The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the "erro" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system. (en) Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.

03 Feb 2025, 19:15

Type Values Removed Values Added
CWE CWE-77
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
Summary
  • (es) El componente específico de Celk Saude 3.1.252.1 que procesa la entrada del usuario y devuelve mensajes de error al cliente es vulnerable debido a una validación incorrecta o desinfección del parámetro "erro". Este parámetro aparece como respuesta cuando se ingresan credenciales incorrectas durante el inicio de sesión. La falta de una validación o desinfección adecuada hace que el componente sea susceptible a ataques de inyección, lo que potencialmente permite a los atacantes manipular la entrada y explotar sistema.
References () https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761 - () https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761 -

29 Jan 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-29 22:15

Updated : 2025-05-23 15:26

NVD link : CVE-2024-48761

Mitre link : CVE-2024-48761

CVE.ORG link : CVE-2024-48761

JSON object : View

Products Affected

celk

  • celk_saude
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')