Cross Site Scripting Vulnerability in Portabilis i-Educar School Module
CVE-2025-7110
5.1MEDIUM
What is CVE-2025-7110?
A vulnerability in Portabilis i-Educar version 2.9.0 discovered in the School Module's /intranet/educar_escola_lst.php file allows remote attackers to exploit the application via crafted input, leading to the potential for cross site scripting (XSS). This weakness enables attackers to execute arbitrary scripts in the context of users' browsers, compromising user data and security. Despite early notification, the vendor has not addressed this security concern, leaving users at risk.
Affected Version(s)
i-Educar 2.9.0