CVE Details
Basic Information
| Title | Portabilis i-Educar educar_escolaridade_lst.php cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-07-31T06:32:05.832Z |
| Modified | 2025-07-31T06:32:05.832Z |
Product Information
| Vendor | Portabilis |
|---|---|
| Product | i-Educar |
| Version | 2.9 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A reflected cross-site scripting (XSS) vulnerability was discovered in Portabilis i-Educar version 2.9. This vulnerability allows remote attackers to inject malicious scripts via the ‘descricao’ argument in the ‘educar_escolaridade_lst.php’ file. The issue has been publicly disclosed, and the vendor has not responded to the disclosure. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Portabilis |
| AI Product | i-Educar |
| AI Version | 2.9 |
Affected Products
- Portabilis i-Educar 2.9
Additional Information
| CWE List | CWE-79, CWE-94 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9. Affected is an unknown function of the file /intranet/educar_escolaridade_lst.php. The manipulation of the argument descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.