Cross Site Scripting in Portabilis i-Educar 2.9.0
CVE-2025-7113

5.1MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
7 July 2025

What is CVE-2025-7113?

A cross site scripting vulnerability exists in the Curricular Components Module of Portabilis i-Educar 2.9.0. The vulnerability is triggered through unsanitized input in the 'Nome' argument of the edit function located at /module/ComponenteCurricular/edit?id=ID. Attackers can exploit this flaw remotely, enabling them to inject malicious scripts into the affected web application. This vulnerability poses a significant risk as it could lead to the manipulation of client-side scripts and the capture of sensitive user information. Despite early disclosure to the vendor by security researchers, there has been no official response concerning mitigation.

Affected Version(s)

i-Educar 2.9.0

References

https://vuldb.com/?id.315024
vdb-entrytechnical-description
https://vuldb.com/?ctiid.315024
signaturepermissions-required
https://vuldb.com/?submit.604879
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.