Cross-Site Scripting Vulnerability in Portabilis i-Educar Application
CVE-2025-8784

3.5LOW

Key Information:

Vendor: Portabilis
Status: i-Educar
Vendor: CVE Published:; 9 August 2025

What is CVE-2025-8784?

A cross-site scripting vulnerability exists within the Portabilis i-Educar application, specifically in the Cadastrar Vínculo page. This flaw allows attackers to manipulate the 'nome' argument, potentially executing malicious scripts in the context of a user’s browser. The vulnerability can be exploited remotely, making it a severe risk for applications utilizing this software. Despite the vendor being notified, there has been no response to mitigate the issue, leaving users vulnerable to potential attacks.

References

https://github.com/marcelomulder/CVE/blob/main/i-educar/C...

https://github.com/marcelomulder/CVE/blob/main/i-educar/S...

https://vuldb.com/?ctiid.319312

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2025