CVE-2024-41504
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
A Cross-Site Scripting (XSS) vulnerability was found in Jetimob Plataforma Imobiliaria version 20240627-0. The 'Descrico' form field in the 'Oportunidades' section during activity creation or editing allows JavaScript injection.
Risk Assessment
An attacker can inject malicious scripts that execute in the browser of an administrator or user, potentially leading to session theft, data manipulation, or further attacks on the organization.
Recommendation
Immediately update the application to the latest version and implement input validation and output encoding for the 'Descrico' field to prevent script injection.
Original NVD description (English source)
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.

