Reflected Cross-Site Scripting in Portabilis i-Educar Software
CVE-2024-55239

Currently unrated

Key Information:

Vendor: Portabilis

CVE Published: 18 December 2024

What is CVE-2024-55239?

CVE-2024-55239 is a reflected Cross-Site Scripting (XSS) vulnerability in Portabilis i-Educar version 2.9. The flaw is in the software's standard documentation upload functionality: an attacker can craft a malicious URL that carries arbitrary JavaScript in the 'titulo_documento' parameter. Successful exploitation could lead to unauthorized access to sensitive information, session hijacking, or the delivery of malware to users who follow the crafted link, posing significant risks for both the application and its users.
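
A way to triage web server access logs for requests that abuse this parameter, as an added example that is not from the advisory or from i-Educar's code. The request path `/PLACEHOLDER/path`, the log format and the pattern list are assumptions; only the parameter name comes from the description above.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

PARAM = "titulo_documento"  # parameter named in the CVE description
# Triage heuristic (assumption): markup characters and script triggers
# that a document title has no reason to contain.
SUSPICIOUS = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format; the path is a
# placeholder because the advisory does not name the endpoint.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Dec/2024:10:00:01 +0000] "GET /PLACEHOLDER/path?titulo_documento=Historico+escolar HTTP/1.1" 200 512',
    '192.0.2.11 - - [18/Dec/2024:10:00:02 +0000] "GET /PLACEHOLDER/path?titulo_documento=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [18/Dec/2024:10:00:03 +0000] "GET /PLACEHOLDER/path?titulo_documento=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [18/Dec/2024:10:00:04 +0000] "GET /PLACEHOLDER/path?q=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so that %253C is still seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs decodes once; fully_decode handles nested encoding.
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                hits.append((n, decoded))
    return hits

if __name__ == "__main__":
    for n, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: {PARAM}={value!r}")
```

A hit means the request carried markup in the parameter, not that a user's browser executed it; correlate with the referrer and the session that followed.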

Timeline

  • Vulnerability published