
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2024 — A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. • https://csflabs.github.io/cve/2024/09/24/cve-2024-46655-Cross-Site-Scripting-%28XSS%29-%28Reflected%29-in-Ellevo-application.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Sep 2024 — SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. • https://csflabs.github.io/cve/2024/09/10/cve-2024-42760-sql-injection-in-ellevo-API.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Sep 2024 — An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. • https://csflabs.github.io/cve/2024/09/06/cve-2024-42759-approval-of-your-own-ticket-with-BFLA.html • CWE-592: DEPRECATED: Authentication Bypass Issues