Jetimob Plataforma Imobiliaria Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in Jetimob Plataforma Imobiliaria version 20240627-0. The issue arises in the 'Pessoas' section, specifically within the 'Observações' form field, when creating or editing profiles for legal or natural persons. Malicious scripts injected into this field are executed whenever the corresponding profile is accessed.
Impact
Because the injected script is stored with the profile, it executes in the browser context of any user who views the affected profile.
Reproduction
To reproduce this vulnerability, navigate to the 'Pessoas' section and create or edit a profile for either a legal or natural person. Inject a script payload, such as an image tag with an 'onerror' event, into the 'Observações' field. Once the profile is saved, the injected script will execute when the profile is loaded.
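The fix for this class of bug is to encode the stored 'Observações' value when it is written into the page. The following is an added example, not Jetimob code: the function names, the wrapper markup and the sample note are assumptions constructed for illustration.

```javascript
// Added example: output encoding for a stored free-text field.
// Not Jetimob code; names, markup and sample data are constructed.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag, attribute value or entity.
// A single pass avoids double-encoding the ampersands it produces.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored note is concatenated into markup as-is.
function renderNotesUnsafe(note) {
  return `<div class="observacoes">${note}</div>`;
}

// Hardened pattern: encode on output, then restore line breaks as <br>.
function renderNotesSafe(note) {
  const encoded = escapeHtml(note).replace(/\r?\n/g, "<br>");
  return `<div class="observacoes">${encoded}</div>`;
}

// Regression check: true when the fragment contains any element other
// than the wrapper <div> and the <br> tags the renderer itself emits.
function containsInjectedElement(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(div|br)$/i.test(t));
}

// Constructed sample of a stored note that contains markup.
const storedNote = 'Client prefers calls.\n<img src="x" onerror="void 0">';

console.log(renderNotesUnsafe(storedNote)); // markup survives as an element
console.log(renderNotesSafe(storedNote));   // markup is shown as inert text
```

The same check can run in a test suite against every template that displays user-supplied profile fields, so a regression to raw concatenation is caught before release.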
