CVE Details
Basic Information
| Title | Portabilis i-Diario Observações diario-de-observacoes cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-08-03T13:32:05.211Z |
| Modified | 2025-08-03T13:32:05.211Z |
Product Information
| Vendor | Portabilis |
|---|---|
| Product | i-Diario |
| Version | 1.5.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A stored cross-site scripting (XSS) vulnerability was discovered in Portabilis i-Diario version 1.5.0. This issue allows attackers to inject malicious scripts into the ‘Descrição’ field of the Observações feature. These scripts can execute when other users view the affected page. The vendor has not yet provided a patch or response to this disclosure. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Portabilis |
| AI Product | i-Diario |
| AI Version | 1.5.0 |
Affected Products
- Portabilis i-Diario 1.5.0
Additional Information
| CWE List | CWE-79, CWE-94 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as problematic was found in Portabilis i-Diario 1.5.0. This vulnerability affects unknown code of the file /diario-de-observacoes/ of the component Observações. The manipulation of the argument Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
- https://vuldb.com/?id.318610
- https://vuldb.com/?ctiid.318610
- https://vuldb.com/?submit.618973
- https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8511.md
- https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20diario-de-observacoes.(ID)%20in%20’Observa%C3%A7%C3%B5es-Descri%C3%A7%C3%A3o’%20parameter.md