CVE-2024-41504

MEDIUM

Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting in Activity Description Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-41504. PoCs published by rafaelbaldasso.

AI-analyzed exploit summary: This repository documents a Stored Cross-Site Scripting (XSS) vulnerability in Jetimob Plataforma Imobiliaria (CRM/ERP/CMS) version 20240627-0. The vulnerability allows JavaScript injection via the 'Descrição' field in the 'Atividade' section, which executes when the activity is loaded.

Description

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross-Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application, when creating or editing an "Atividade" (activity), the form field "Descrição" allows injection of JavaScript.

Exploits (1)

nomisec WRITEUP
by rafaelbaldasso · poc
https://github.com/rafaelbaldasso/CVE-2024-41504

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Jetimob Plataforma Imobiliaria (CRM/ERP/CMS) version 20240627-0
Auth required
Prerequisites: Access to the 'Oportunidades' section with permissions to create or edit an 'Atividade'
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

References (2)

Core 2
Core References
Exploit, Third Party Advisory
https://github.com/rafaelbaldasso/CVE-2024-41504

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
jetimob/imobiliaria 2024-06-27
Published Jun 10, 2025
Tracked Since Feb 18, 2026