Описание
Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:celk:celk_saude:3.1.252.1:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00394
Низкий
8.8 High
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 9.8
github
около 1 года назад
The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the "erro" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system.
EPSS
Процентиль: 60%
0.00394
Низкий
8.8 High
CVSS3
Дефекты
CWE-79