Cross-Site Scripting Vulnerability in Portabilis i-Educar Function Management Module
CVE-2025-7112

5.1MEDIUM

Key Information:

Vendor: Portabilis
Status: I-educar
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-7112?

A cross-site scripting vulnerability exists in the Function Management Module of Portabilis i-Educar version 2.9.0. This flaw is due to improper handling of arguments in the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD. Manipulating the 'Função' argument can allow attackers to execute arbitrary scripts in the context of the victim's browser, fundamentally compromising user data and session integrity. The exploit is publicly known and can be initiated remotely. Despite being notified of this issue, the vendor has not responded.