Celk: >> Celk Saude >> 3.1.252.1 Security Vulnerabilities
User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-03-13
A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-03-10
Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-01-29
HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-01-29