CVE Catalog

CVE-2024-41504

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

A Cross-Site Scripting (XSS) vulnerability was found in Jetimob Plataforma Imobiliaria version 20240627-0. The 'Descrico' form field in the 'Oportunidades' section during activity creation or editing allows JavaScript injection.

Risk Assessment

An attacker can inject malicious scripts that execute in the browser of an administrator or user, potentially leading to session theft, data manipulation, or further attacks on the organization.

Recommendation

Immediately update the application to the latest version and implement input validation and output encoding for the 'Descrico' field to prevent script injection.

Original NVD description (English source)

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS