Cross Site Scripting Vulnerability in Portabilis i-Educar Product
CVE-2025-8785

3.5LOW

Key Information:

Vendor: Portabilis
Status: i-Educar
Vendor: CVE Published:; 10 August 2025

What is CVE-2025-8785?

A vulnerability has been identified in Portabilis i-Educar, specifically in the processing of the endpoint '/intranet/educar_usuario_lst.php'. By manipulating the parameters 'nm_pessoa', 'matricula', or 'matricula_interna', an attacker can exploit this vulnerability to perform cross site scripting attacks. This issue can be exploited remotely, which raises significant security concerns. Although the vendor was notified of this vulnerability, there has been no response, and the details have been publicly disclosed, potentially increasing the risk of exploitation.

References

https://github.com/marcelomulder/CVE/blob/main/i-educar/C...

https://github.com/marcelomulder/CVE/blob/main/i-educar/R...

https://vuldb.com/?ctiid.319313

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2025