CVE-2024-48761

8.8 HIGH

📋 TL;DR

This is a reflected cross-site scripting (XSS) vulnerability in Celk Sistemas Celk Saude healthcare software version 3.1.252.1. An attacker can inject malicious JavaScript code via the 'erro' parameter, which gets executed in victims' browsers when they visit a specially crafted URL. Healthcare organizations using this vulnerable version are affected.

💻 Affected Systems

Products:
  • Celk Sistemas Celk Saude
Versions: v.3.1.252.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web interface component that processes the 'erro' parameter. All installations of this specific version are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker steals healthcare staff credentials, accesses sensitive patient data, modifies medical records, or performs administrative actions in the healthcare system.

🟠

Likely Case

Attacker steals session cookies to hijack user accounts, performs phishing attacks, or defaces the application interface.

🟢

If Mitigated

Limited to temporary annoyance or minor data exposure if proper input validation and output encoding are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires tricking users into clicking malicious links. No authentication is needed to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after v.3.1.252.1

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

1. Contact Celk Sistemas for the patched version.
2. Back up the current installation.
3. Apply the vendor-provided patch or upgrade to the latest version.
4. Test functionality after patching.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Configure WAF to block requests containing malicious JavaScript patterns in the 'erro' parameter

Input Validation Filter

all

Implement server-side validation to sanitize the 'erro' parameter before processing

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Disable or restrict access to the vulnerable endpoint if not critical

🔍 How to Verify

Check if Vulnerable:

Test by requesting the application with a payload such as /page?erro=<script>alert('XSS')</script> (where /page stands for an endpoint that reflects the 'erro' parameter) and check whether the script executes in the browser.

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Retest with the same payload after patching: the script should not execute, and the reflected value should appear HTML-encoded in the response.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing script tags or JavaScript code in 'erro' parameter
  • Unusual error parameter values in access logs

Network Indicators:

  • HTTP requests with encoded script payloads in query parameters
  • Multiple failed login attempts following XSS payload delivery

SIEM Query:

source="web_logs" AND (uri="*erro=*script*" OR uri="*erro=*javascript:*" OR uri="*erro=*onerror=*")
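To put the log indicators and SIEM query above into practice, here is an added example (not part of this advisory or of any Celk Sistemas code) that scans Common Log Format access-log lines, decodes the 'erro' parameter (including percent-encoded and double-encoded payloads, which the plain wildcard query above would miss), and flags values matching the same three patterns the query uses. The log lines and the /login path are constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import urlsplit, parse_qs, unquote

# Same indicators as the SIEM query: script tag, javascript: URI, event handler.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),
]

# Common Log Format: client ident user [time] "METHOD URI PROTO" status bytes
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding and HTML entities; stop once stable."""
    for _ in range(max_rounds):
        decoded = unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def erro_values(uri):
    """Every decoded value of the 'erro' query parameter in a request URI."""
    raw = parse_qs(urlsplit(uri).query, keep_blank_values=True).get("erro", [])
    return [decode_fully(v) for v in raw]

def scan_log(lines):
    """Return (client, time, uri, pattern) for requests whose 'erro' value looks like XSS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than crash on junk
        for value in erro_values(m.group("uri")):
            for pat in XSS_PATTERNS:
                if pat.search(value):
                    hits.append((m.group("client"), m.group("time"), m.group("uri"), pat.pattern))
                    break
    return hits

# Constructed sample log lines (assumed paths; not from any real deployment).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Oct/2024:10:00:01 +0000] "GET /login?erro=Usuario+invalido HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Oct/2024:10:00:07 +0000] "GET /login?erro=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [01/Oct/2024:10:00:09 +0000] "GET /login?erro=%253Cimg%2520src%3Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 640',
    '198.51.100.2 - - [01/Oct/2024:10:00:12 +0000] "GET /login?erro=javascript%3Aalert(document.cookie) HTTP/1.1" 200 640',
    '10.0.0.7 - - [01/Oct/2024:10:00:15 +0000] "POST /api/save HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, when, uri, pattern in scan_log(SAMPLE_LOG):
        print(f"{when} {client} matched /{pattern}/ in {uri}")
```

The third sample line is double-encoded and would slip past a query that only matches the literal strings `script`, `javascript:` or `onerror=` in the raw URI; decoding before matching is what catches it.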
