{"id":7703,"date":"2025-07-07T00:30:44","date_gmt":"2025-07-07T00:30:44","guid":{"rendered":"http:\/\/localhost\/?p=7703"},"modified":"2025-07-07T00:30:44","modified_gmt":"2025-07-07T00:30:44","slug":"portabilis-i-educar-curricular-components-module-edit-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7703","title":{"rendered":"Portabilis i-Educar Curricular Components Module edit cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nPortabilis i-Educar Curricular Components Module edit cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-07T05:02:08.729Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-07T05:02:08.729Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nPortabilis<\/td>\n<\/tr>\n
Product<\/th>\ni-Educar<\/td>\n<\/tr>\n
Version<\/th>\n2.9.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site scripting (XSS) vulnerability in Portabilis i-Educar 2.9.0 allows remote attackers to inject malicious scripts via the ‘Nome’ argument in the edit function of the Curricular Components Module. This could enable unauthorized actions on behalf of users.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nPortabilis<\/td>\n<\/tr>\n
AI Product<\/th>\ni-Educar<\/td>\n<\/tr>\n
AI Version<\/th>\n2.9.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n