Cross Site Scripting Vulnerability in Portabilis i-Educar School Module
CVE-2025-7110

5.1MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
7 July 2025

What is CVE-2025-7110?

A vulnerability in Portabilis i-Educar version 2.9.0 discovered in the School Module's /intranet/educar_escola_lst.php file allows remote attackers to exploit the application via crafted input, leading to the potential for cross site scripting (XSS). This weakness enables attackers to execute arbitrary scripts in the context of users' browsers, compromising user data and security. Despite early notification, the vendor has not addressed this security concern, leaving users at risk.

Affected Version(s)

i-Educar 2.9.0

References

https://vuldb.com/?id.315021
vdb-entrytechnical-description
https://vuldb.com/?ctiid.315021
signaturepermissions-required
https://vuldb.com/?submit.604802
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.