CVE Catalog
CVE-2024-57529
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.32%
24th percentile - higher than 24% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability in Jeppesen JetPlanner Pro version 1.6.2.20 allows a remote attacker to execute arbitrary code in the victim's browser.
Risk Assessment
An attacker can hijack user sessions, steal credentials, or spread malware within the organization.
Recommendation
Immediately update Jeppesen JetPlanner Pro to the latest available version and implement input validation and output encoding in the application.
Original NVD description (English source)
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.

