rafaelbaldasso - Security Researcher - Exploit Intelligence Platform

CVE-2024-41502 NOMISEC MEDIUM WRITEUP

Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting via Observaces Form Field

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.

CVSS 6.1

View Code

CVE-2024-41503 NOMISEC MEDIUM WRITEUP

Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting in Search Filter Title Field

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function.

CVSS 6.1

View Code

CVE-2024-41504 NOMISEC MEDIUM WRITEUP

Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting in Activity Description Field

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.

CVSS 6.1

View Code

CVE-2024-41505 NOMISEC MEDIUM WRITEUP

Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting via Profisso Field

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor).

CVSS 6.1

View Code