Cross Site Scripting Vulnerability in Portabilis i-Educar
CVE-2025-8366

5.3MEDIUM

Key Information:

Vendor

Portabilis

Status
I-educar
Vendor
CVE Published:
31 July 2025

What is CVE-2025-8366?

A security vulnerability in Portabilis i-Educar version 2.9 allows attackers to exploit the file /intranet/educar_servidor_lst.php. Manipulation of the parameters 'nome' or 'matricula_servidor' can lead to cross site scripting attacks. This vulnerability can be remotely executed and has been publicly disclosed, posing a significant risk to users. Despite prior notice, the vendor has not addressed this issue.

Affected Version(s)

i-Educar 2.9

References

https://vuldb.com/?id.318338
vdb-entrytechnical-description
https://vuldb.com/?ctiid.318338
signaturepermissions-required
https://vuldb.com/?submit.618667
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)
marceloQz (VulDB User)
.
CVE-2025-8366 : Cross Site Scripting Vulnerability in Portabilis i-Educar