Cross-Site Scripting Vulnerability in Portabilis i-Educar Student Benefits Registration
CVE-2025-7109

5.1MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
7 July 2025

What is CVE-2025-7109?

A cross-site scripting vulnerability has been identified in the Portabilis i-Educar application, specifically within the Student Benefits Registration component. The vulnerability is linked to an unspecified functionality associated with the file /intranet/educar_aluno_beneficio_lst.php, where the manipulation of the BenefĂ­cio argument allows attackers to execute scripts in the context of the user's browser. This exploitation can occur remotely, posing significant risks as the exploit has been disclosed publicly. Despite attempts to notify the vendor, no response has been received, highlighting the urgency for users to be aware of this security concern.

Affected Version(s)

i-Educar 2.9.0

References

https://vuldb.com/?id.315020
vdb-entrytechnical-description
https://vuldb.com/?ctiid.315020
signaturepermissions-required
https://vuldb.com/?submit.604790
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.