CVE Details
Basic Information
| Title | Portabilis i-Diario conteudos cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-07-20T06:02:05.813Z |
| Modified | 2025-07-20T06:02:05.813Z |
Product Information
| Vendor | Portabilis |
|---|---|
| Product | i-Diario |
| Version | 1.5.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability exists in Portabilis i-Diario version 1.5.0 due to improper handling of the filter[by_description] argument. This allows remote attackers to inject malicious scripts via a crafted description. The issue has been publicly disclosed and the vendor has not responded. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Portabilis |
| AI Product | i-Diario |
| AI Version | 1.5.0 |
Affected Products
- Portabilis i-Diario 1.5.0
Additional Information
| CWE List | CWE-79, CWE-94 |
|---|---|
| Source | VulDB |
Description
A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulation of the argument filter[by_description] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.