Skip to main content

Ellevo

3 CVEs product

Monthly

CVE-2024-46655 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ellevo
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-42760 HIGH POC This Week

SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ellevo
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42759 MEDIUM POC This Month

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ellevo
NVD
CVSS 3.1
6.3
EPSS
0.4%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ellevo
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ellevo
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ellevo
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy