CVE-2024-51182

CVSS v3.1

6.1

Medium

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Celk Sistemas Celk Saude version 3.1.252.1

Description The issue allows a remote attacker to inject arbitrary HTML code via the erro parameter. This enables the attacker to potentially manipulate the webpage's content, leading to various security concerns.

Recommendations For Celk Sistemas Celk Saude version 3.1.252.1, consider restricting access to the erro parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-51182

Affected Products

Celk Saude

CVE-2024-51182

Weakness Enumeration

Related Identifiers

Affected Products

References · 6