CVE-2025-9722

Medium CVSS: 5.1

A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Vendor

Portabilis

Product

I-educar

CWE

CWE-79

Yayın Tarihi

2025-08-31 08:15:35

Güncelleme

2025-10-13 21:15:36

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 I-educar MEDIUM Portabilis 2025

Referanslar

https://karinagante.github.io/cve-2025-9722/ https://karinagante.github.io/cve-2025-9722/#poc https://vuldb.com/?ctiid.322011 https://vuldb.com/?id.322011 https://vuldb.com/?submit.638697

Benzer Kayıtlar

Medium

CVE-2026-2064

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functiona…

Medium

CVE-2026-2015

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatu…

Medium

CVE-2025-9638

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educa…

High

CVE-2025-65022

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…

High

CVE-2025-65023

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…

High

CVE-2025-65024

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL…