CVE Catalog

CVE-2024-57529

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile - higher than 24% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability in Jeppesen JetPlanner Pro version 1.6.2.20 allows a remote attacker to execute arbitrary code in the victim's browser.

Risk Assessment

An attacker can hijack user sessions, steal credentials, or spread malware within the organization.

Recommendation

Immediately update Jeppesen JetPlanner Pro to the latest available version and implement input validation and output encoding in the application.

Original NVD description (English source)

Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS