Celk Sistemas Celk Saude HTML Injection Vulnerability

Vulnerability

An HTML injection vulnerability exists in Celk Sistemas Celk Saude version 3.1.252.1. It allows remote attackers to inject arbitrary HTML code through the 'erro' parameter, whose value is reflected into the page without encoding.

Impact

Exploitation of this vulnerability allows HTML injection, which could be used to alter the content displayed to users or to execute script in the context of the victim's browser.

Reproduction

To reproduce this vulnerability, attempt to log into the application with invalid credentials. The application responds with an error message that carries the 'erro' parameter. Intercept the response and modify the 'erro' parameter so that it contains HTML content, such as a link. Once the modified request is sent, the injected HTML is rendered in the browser. Clicking the link executes a JavaScript alert, demonstrating that the injection succeeds and that script-based payloads execute.
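The root cause described above is a server-side error handler that interpolates the 'erro' value into HTML without encoding it. The following example is added here for illustration; it is not Celk Saude's code and makes no claim about how the product is implemented. It shows a vulnerable render function beside two hardened variants (contextual HTML encoding, and treating 'erro' as a key into server-side messages so client-supplied text never reaches the page), plus a small detection helper that flags request query strings whose 'erro' value carries markup. The template string, message table and query strings are constructed sample data, not values taken from the product.

```python
import html
from urllib.parse import parse_qs, urlencode

# Constructed sample input: an 'erro' value that carries markup. The page gives
# no literal payload; this is a hypothetical value used only to exercise the code.
SAMPLE_ERRO = 'Login invalido <a href="#">clique aqui</a>'

# Hypothetical page fragment into which the error message is interpolated.
TEMPLATE = '<div class="alert alert-danger">{msg}</div>'

# Server-side message table for the allowlist variant (constructed).
MESSAGES = {
    "login_failed": "Usuario ou senha invalidos.",
    "session_expired": "Sessao expirada. Faca login novamente.",
    "default": "Ocorreu um erro. Tente novamente.",
}


def render_error_vulnerable(erro: str) -> str:
    """Reflects the parameter verbatim: any markup in 'erro' becomes part of the page."""
    return TEMPLATE.format(msg=erro)


def render_error_hardened(erro: str) -> str:
    """Encodes &, <, >, \" and ' before interpolation, so the browser treats the
    value as text. This is the minimal fix when the message must stay free-form."""
    return TEMPLATE.format(msg=html.escape(erro, quote=True))


def render_error_allowlist(erro_code: str, messages: dict = MESSAGES) -> str:
    """Stronger fix: 'erro' selects a server-defined message; unknown codes fall
    back to a default, so client-controlled text never reaches the HTML at all."""
    msg = messages.get(erro_code, messages["default"])
    return TEMPLATE.format(msg=html.escape(msg, quote=True))


MARKUP_CHARS = "<>\"'"


def looks_like_markup(value: str) -> bool:
    """True when the value contains characters that can change HTML structure."""
    return any(c in value for c in MARKUP_CHARS)


def flag_suspicious_requests(query_strings):
    """Detection helper for access logs: returns the query strings whose
    'erro' parameter contains markup characters. parse_qs URL-decodes the
    values, so encoded angle brackets are caught as well."""
    flagged = []
    for qs in query_strings:
        params = parse_qs(qs, keep_blank_values=True)
        if any(looks_like_markup(v) for v in params.get("erro", [])):
            flagged.append(qs)
    return flagged


# Constructed sample query strings standing in for logged requests.
SAMPLE_LOG = [
    urlencode({"erro": "Usuario ou senha invalidos"}),
    urlencode({"erro": SAMPLE_ERRO}),
    "page=1",
]

if __name__ == "__main__":
    print("vulnerable :", render_error_vulnerable(SAMPLE_ERRO))
    print("hardened   :", render_error_hardened(SAMPLE_ERRO))
    print("allowlist  :", render_error_allowlist("login_failed"))
    print("flagged    :", flag_suspicious_requests(SAMPLE_LOG))
```

The encoding fix is the narrow remediation for the reported issue; the allowlist variant removes the reflected input entirely and is the better design when the set of error conditions is known in advance. The detection helper is deliberately simple: a '<' or '>' in a field that should only ever contain a plain message is a high-signal indicator and is cheap to run over web server logs.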

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.