CVE-2024-41505

MEDIUM

Jetimob Plataforma Imobiliaria 20240627-0 - Stored Cross-Site Scripting via Profissão Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-41505. PoCs published by rafaelbaldasso.

AI-analyzed exploit summary: This repository documents a Stored XSS vulnerability in Jetimob Plataforma Imobiliaria (CRM/ERP/CMS) version 20240627-0, where malicious JavaScript can be injected via the 'Profissão' field in the 'Pessoas' section. The payload executes when the victim's profile is loaded, potentially leading to session hijacking or other client-side attacks.

Description

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profissão" (professor).

Exploits (1)

nomisec WRITEUP
by rafaelbaldasso · poc
https://github.com/rafaelbaldasso/CVE-2024-41505

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Jetimob Plataforma Imobiliaria (CRM/ERP/CMS) 20240627-0
Auth required
Prerequisites: Access to the 'Pessoas' section with edit/create permissions
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://github.com/rafaelbaldasso/CVE-2024-41505

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
jetimob/imobiliaria 2024-06-27
Published Jun 10, 2025
Tracked Since Feb 18, 2026