CVE-2024-41502
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability was found in Jetimob Plataforma Imobiliaria 20240627-0 in the 'Observaces' (observances) form field within the 'Pessoas' (persons) section when creating or editing a legal or natural person. An attacker can inject malicious JavaScript code that executes in the victim's browser.
Risk Assessment
The risk involves potential session theft, data interception, or unauthorized actions performed in the context of the victim's account, leading to confidentiality and integrity breaches in the system.
Recommendation
Immediately update Jetimob Plataforma Imobiliaria to the latest version and implement input validation and encoding for the 'Observaces' field to prevent script injection.
Original NVD description (English source)
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.

