CVE-2024-41504
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-10-01
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetimob | imobiliaria | 2024-06-27 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-41504 is a Stored Cross-Site Scripting (XSS) vulnerability in Jetimob Plataforma Imobiliaria version 20240627-0. It occurs in the "Oportunidades" section when creating or editing an "Atividade" (activity). The "Descrição" (description) form field does not properly sanitize input, allowing attackers to inject malicious JavaScript code. This code is then executed whenever the affected activity is viewed, enabling persistent script injection. [2]
How can this vulnerability impact me?
This vulnerability can allow attackers to execute malicious JavaScript in the context of the affected application. This can lead to theft of user session cookies, unauthorized actions performed on behalf of users, and potential compromise of user data and sessions. Persistent script injection means the malicious code remains stored and executes every time the affected activity is accessed, increasing the risk and impact. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'Descrição' field in the 'Oportunidades' section of the Jetimob Plataforma Imobiliaria version 20240627-0 for stored Cross-Site Scripting (XSS). You can attempt to inject a test payload such as `<img src=x onerror=alert(document.cookie)>` into the 'Descrição' field when creating or editing an 'Atividade'. If the payload executes (e.g., an alert box appears when viewing the activity), the vulnerability is present. There are no specific network commands provided, but manual testing through the application interface or automated web vulnerability scanners that test for stored XSS can be used. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable version 20240627-0 of Jetimob Plataforma Imobiliaria until a patch is available. If possible, restrict access to the 'Oportunidades' section or the 'Descrição' input field to trusted users only. Additionally, implement input sanitization or filtering on the 'Descrição' field to block JavaScript code injection. Using web application firewalls (WAFs) to detect and block XSS payloads can also help reduce risk until an official fix is released. [2]