ellevo CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

ellevo vulnerability overview

Aggregates CVE and security vulnerability intelligence across all ellevo-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include vendor risk sql injection and vendor risk cross-site scripting, with potential vendor impact session compromise and vendor impact data exposure across vendor surface software deployment use cases.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2024-46655	A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.	[email protected]	6.1	0.47%	2024-09-25	2024-10-02
CVE-2024-42760	SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.	[email protected]	7.5	0.08%	2024-09-11	2025-07-10
CVE-2024-42759	An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.	[email protected]	6.3	0.36%	2024-09-09	2025-07-03

cvelogic Threat Intelligence