Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-areas-de-conhecimento cross site scripting_CVE-2025-9105

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Portabilis i-Diario up to 1.5.0. This affects an unknown part of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. The manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9105

Source VulDB

Published Aug 18, 2025 at 04:02

Affected Product

Vendor Portabilis

Product i-Diario

Version 1.0

Affected Versions Portabilis i-Diario 1.0
Portabilis i-Diario 1.1
Portabilis i-Diario 1.2
Portabilis i-Diario 1.3
Portabilis i-Diario 1.4
Portabilis i-Diario 1.5.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Portabilis i-Diario up to 1.5.0. This affects an unknown part of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informa\u00e7\u00f5es Adicionais Page. The manipulation of the argument Parecer/Conte\u00fados/Objetivos leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-18T04:02:05.133Z",
    "modified": "2025-08-18T04:02:05.133Z",
    "type": "cve",
    "title": "Portabilis i-Diario Informa\u00e7\u00f5es Adicionais /planos-de-ensino-por-areas-de-conhecimento cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320427\nhttps://vuldb.com/?ctiid.320427\nhttps://vuldb.com/?submit.627566\nhttps://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20planos-de-ensino-por-areas-de-conhecimento.(ID)%20in%20multiples%20parameters.md\nhttps://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20planos-de-ensino-por-areas-de-conhecimento.(ID)%20in%20multiples%20parameters.md#poc",
    "id": "CVE-2025-9105",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Portabilis i-Diario 1.0\nPortabilis i-Diario 1.1\nPortabilis i-Diario 1.2\nPortabilis i-Diario 1.3\nPortabilis i-Diario 1.4\nPortabilis i-Diario 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "i-Diario",
    "version": "1.0",
    "vendor": "Portabilis",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}