Cross-Site Scripting Vulnerability in Portabilis i-Educar
CVE-2025-7867

5.1MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
20 July 2025

What is CVE-2025-7867?

A cross-site scripting vulnerability has been identified in Portabilis i-Educar version 2.9.0, specifically within the Agenda Module's agenda.php file. An attacker can manipulate the 'novo_titulo' parameter, which may lead to the execution of malicious scripts in the context of the user's browser. This vulnerability can be exploited remotely, allowing unauthorized users to execute scripts that could compromise user data and session integrity. Although the vendor has been informed of the issue, no response has been received regarding a patch or mitigation.

Affected Version(s)

i-Educar 2.9.0

References

https://vuldb.com/?id.316980
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316980
signaturepermissions-required
https://vuldb.com/?submit.605633
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.
CVE-2025-7867 : Cross-Site Scripting Vulnerability in Portabilis i-Educar