Cross-Site Scripting Vulnerability in Portabilis i-Educar Function Management Module
CVE-2025-7112

5.1MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
7 July 2025

What is CVE-2025-7112?

A cross-site scripting vulnerability exists in the Function Management Module of Portabilis i-Educar version 2.9.0. This flaw is due to improper handling of arguments in the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD. Manipulating the 'Função' argument can allow attackers to execute arbitrary scripts in the context of the victim's browser, fundamentally compromising user data and session integrity. The exploit is publicly known and can be initiated remotely. Despite being notified of this issue, the vendor has not responded.

Affected Version(s)

i-Educar 2.9.0

References

https://vuldb.com/?id.315023
vdb-entrytechnical-description
https://vuldb.com/?ctiid.315023
signaturepermissions-required
https://vuldb.com/?submit.604824
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.