Cross-Site Scripting Issue in Portabilis i-Educar Software
CVE-2025-10099
4.8 MEDIUM
What is CVE-2025-10099?
A vulnerability has been identified in Portabilis i-Educar up to version 2.10, affecting the file /intranet/educar_usuario_cad.php on the Editar usuário page. Manipulating the arguments that carry user data, such as the email, initial date, and expiration date, results in cross-site scripting (XSS), and the attack can be carried out remotely. Because exploits have been publicly disclosed, users of the affected versions are at risk of data compromise or unauthorized actions within the application.
Affected Version(s)
i-Educar 2.0
i-Educar 2.1
i-Educar 2.2
CVSS V4
Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
marceloQz (VulDB User)