Cross Site Scripting Vulnerability in Portabilis i-Educar System
CVE-2025-8367
5.3MEDIUM
What is CVE-2025-8367?
A cross site scripting vulnerability has been discovered in Portabilis i-Educar version 2.9, specifically affecting the file /intranet/funcionario_vinculo_lst.php. This vulnerability arises from improper handling of the argument 'nome', allowing attackers to execute arbitrary JavaScript code in the context of users' browsers. This remote attack can lead to data theft and other malicious activities. Despite early notification to the vendor, no response has been received regarding this critical issue.
Affected Version(s)
i-Educar 2.9
References
CVSS V4
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
marceloQz (VulDB User)
marceloQz (VulDB User)