Cross-Site Scripting Vulnerability in Portabilis i-Educar Product
CVE-2025-7869

5.1MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
20 July 2025

What is CVE-2025-7869?

The i-Educar platform, particularly version 2.9.0, is susceptible to cross-site scripting vulnerabilities through an insecure handling of the 'nm_tipo' parameter within the intranet/educar_turma_tipo_det.php file of the Turma Module. Exploiting this flaw can allow attackers to execute arbitrary scripts in the context of unsuspecting users, potentially leading to data theft, session hijacking, and further compromises in security. The vulnerability is publicly known, yet the vendor has not responded to initial reports regarding this security concern.

Affected Version(s)

i-Educar 2.9.0

References

https://vuldb.com/?id.316982
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316982
signaturepermissions-required
https://vuldb.com/?submit.605663
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.
CVE-2025-7869 : Cross-Site Scripting Vulnerability in Portabilis i-Educar Product