Cross Site Scripting Vulnerability in Portabilis i-Educar Course Module
CVE-2025-7111

5.1MEDIUM

Key Information:

Vendor

Portabilis

Status
Vendor
CVE Published:
7 July 2025

What is CVE-2025-7111?

A cross site scripting (XSS) vulnerability has been identified in the Course Module of Portabilis i-Educar, specifically impacting the file /intranet/educar_curso_det.php. By manipulating the 'Curso' argument, an attacker can execute arbitrary scripts in the context of the victim's browser, potentially leading to unauthorized access to sensitive information. This vulnerability is particularly concerning as it can be exploited remotely, allowing attackers to target users without direct interaction. The vendor has been made aware of the issue; however, there has been no public response regarding a fix. It is crucial for users to assess their exposure and take necessary protective measures.

Affected Version(s)

i-Educar 2.9.0

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.
CVE-2025-7111 : Cross Site Scripting Vulnerability in Portabilis i-Educar Course Module