VYPR

Ellevo

by Ellevo

CVEs (3)

  • CVE-2024-46655Sep 25, 2024
    Ellevo
    Ellevo
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.

  • CVE-2024-42760Sep 11, 2024
    Ellevo
    Ellevo
    risk 0.00cvss epss 0.00

    SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.

  • CVE-2024-42759Sep 9, 2024
    Ellevo
    Ellevo
    risk 0.00cvss epss 0.00

    An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.