Cross-Site Scripting Vulnerability in Portabilis i-Educar 2.9.0 Calendar Module
CVE-2025-7868

5.1MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
20 July 2025

What is CVE-2025-7868?

A vulnerability exists in the Calendar Module of Portabilis i-Educar 2.9.0, specifically within the file /intranet/educar_calendario_dia_motivo_cad.php. This issue arises from insufficient validation of the 'Motivo' input, leading to potential cross-site scripting (XSS) attacks. Attackers can exploit this vulnerability remotely by manipulating the argument sent to the affected component. There has been public disclosure of this exploit, with efforts to contact the vendor regarding the issue going unanswered.

Affected Version(s)

i-Educar 2.9.0

References

https://vuldb.com/?id.316981
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316981
signaturepermissions-required
https://vuldb.com/?submit.605655
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.
CVE-2025-7868 : Cross-Site Scripting Vulnerability in Portabilis i-Educar 2.9.0 Calendar Module