Gabriel Bri - Security Researcher - Exploit Intelligence Platform

CVE-2024-48761 WRITEUP HIGH WRITEUP

Celk Saude 3.1.252.1 - Reflected Cross-Site Scripting via 'erro' Parameter

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.

CVSS 8.8

View Code

CVE-2024-51182 WRITEUP MEDIUM WRITEUP

Celk Saude 3.1.252.1 - HTML Injection via 'erro' Parameter

HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter.

CVSS 6.1

View Code

CVE-2024-55198 WRITEUP MEDIUM WRITEUP

Celk Sistemas Celk Saude <3.1.252.1 - Info Disclosure

User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses.

CVSS 5.3

View Code

CVE-2024-55199 WRITEUP MEDIUM WRITEUP

Celk Saude 3.1.252.1 - Stored Cross-Site Scripting via PDF File Upload

A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser.

CVSS 5.4

View Code