Cross-Site Scripting Vulnerability in Portabilis i-Diario from Portabilis
CVE-2025-7870
Key Information:
- Vendor
Portabilis
- Status
- Vendor
- CVE Published:
- 20 July 2025
Badges
What is CVE-2025-7870?
A vulnerability in Portabilis i-Diario version 1.5.0 has been identified, affecting the justificativas-de-falta endpoint. This flaw allows for cross-site scripting attacks through improper manipulation of input arguments, specifically the Anexo parameter. Malicious actors can exploit this vulnerability remotely, potentially compromising user data and site integrity. Despite notification, the vendor has not responded to address the issue, increasing the risk of exploitation.
Affected Version(s)
i-Diario 1.5.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved