Cross-Site Scripting Vulnerability in Portabilis i-Educar Product
CVE-2025-7866

5.1MEDIUM

Key Information:

Vendor: Portabilis
Status: I-educar
Vendor: CVE Published:; 20 July 2025

What is CVE-2025-7866?

A vulnerability exists in Portabilis i-Educar version 2.9.0, specifically in the Disabilities Module's handling of the file /intranet/educar_deficiencia_lst.php. This issue arises from improper processing of the argument 'Deficiência ou Transtorno', allowing attackers to execute cross-site scripting (XSS) attacks. This vulnerability can be exploited remotely, potentially impacting users by manipulating their session or executing arbitrary scripts in the context of their browser. The exploit has been publicly disclosed, and prompt action is advised as the vendor has not provided any response regarding this security issue.