CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-55199

A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.9%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-55199
https://portswigger.net/web-security/cross-site-scripting/stored
https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-55199

Products affected by CVE-2024-55199

Celk » Celk Saude » Version: 3.1.252.1

cpe:2.3:a:celk:celk_saude:3.1.252.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-55199

Products

Pricing

Contact Us