Vendor

Ellevo

Products

CVEs

Across products

Status

Private

Products

CVE	Vendor / Product	CVSS	Published	Description
CVE-2024-46655	Ellevo Ellevo	—	Sep 25, 2024	A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.
CVE-2024-42760	Ellevo Ellevo	—	Sep 11, 2024	SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.
CVE-2024-42759	Ellevo Ellevo	—	Sep 9, 2024	An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.

CVE-2024-46655Sep 25, 2024
Ellevo
Ellevo
risk 0.00cvss —epss 0.00
A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.
CVE-2024-42760Sep 11, 2024
Ellevo
Ellevo
risk 0.00cvss —epss 0.00
SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.
CVE-2024-42759Sep 9, 2024
Ellevo
Ellevo
risk 0.00cvss —epss 0.00
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.