CVE-2024-41503

MEDIUM

Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting in Search Filter Title Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-41503. PoCs published by rafaelbaldasso.

AI-analyzed exploit summary: The repository provides a detailed technical description of a stored XSS vulnerability in Jetimob Plataforma Imobiliaria (CRM/ERP/CMS) version 20240627-0. The vulnerability occurs in the 'Busca' (search) function's filter option, where the 'Título' field allows JavaScript injection, which is executed when the filter is created or deleted.

Description

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross-Site Scripting (XSS) in the "Título" (title) field of the filter Save option in the "Busca" (search) function.

Exploits (1)

nomisec WRITEUP
by rafaelbaldasso · poc
https://github.com/rafaelbaldasso/CVE-2024-41503


Classification
Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Jetimob Plataforma Imobiliaria (CRM/ERP/CMS) version 20240627-0
Auth required
Prerequisites: Access to the 'Busca' function with the ability to save filters
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://github.com/rafaelbaldasso/CVE-2024-41503

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
jetimob/imobiliaria 2024-06-27
Published Jun 10, 2025
Tracked Since Feb 18, 2026