CVE Catalog

CVE-2024-41502

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability was found in Jetimob Plataforma Imobiliaria 20240627-0 in the 'Observaces' (observances) form field within the 'Pessoas' (persons) section when creating or editing a legal or natural person. An attacker can inject malicious JavaScript code that executes in the victim's browser.

Risk Assessment

The risk involves potential session theft, data interception, or unauthorized actions performed in the context of the victim's account, leading to confidentiality and integrity breaches in the system.

Recommendation

Immediately update Jetimob Plataforma Imobiliaria to the latest version and implement input validation and encoding for the 'Observaces' field to prevent script injection.

Original NVD description (English source)

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS