CVE-2025-10099

Medium CVSS: 4.8

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_usuario_cad.php of the component Editar usuário Page. This manipulation of the argument email/data_inicial/data_expiracao causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

Vendor

Portabilis

Product

I-educar

CWE

CWE-79

Yayın Tarihi

2025-09-08 18:15:32

Güncelleme

2025-09-11 15:39:42

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 I-educar MEDIUM Portabilis 2025

Referanslar

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10099.md https://github.com/marcelomulder/CVE/blob/main/i-educar/Cross-Site%20Scripting%20(XSS)%20Reflected%20endpoint%20%60educar_usuario_cad.php%60%20parameters%20%60email%60,%20%60data_inicial%60,%20%60data_expiracao%60.md https://vuldb.com/?ctiid.323060 https://vuldb.com/?id.323060 https://vuldb.com/?submit.644967

Benzer Kayıtlar

Medium

CVE-2026-2064

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functiona…

Medium

CVE-2026-2015

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatu…

Medium

CVE-2025-9638

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educa…

High

CVE-2025-65022

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…

High

CVE-2025-65023

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…

High

CVE-2025-65024

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…