Cross-Site Scripting in Portabilis i-Diario Web Application
CVE-2025-8787
5.1MEDIUM
What is CVE-2025-8787?
A cross-site scripting (XSS) vulnerability has been identified in the Portabilis i-Diario application. The vulnerability resides in the 'Registro das atividades' component, specifically within the file /registros-de-conteudos-por-disciplina/. Attackers can manipulate input to this component to execute malicious scripts in the context of users' browsers. This allows remote attackers to compromise user sessions, steal cookies, or perform unauthorized actions on behalf of users. Despite being notified, the vendor has not responded to the concerns raised regarding this issue, making it crucial for users to secure their systems promptly.
Affected Version(s)
i-Diario 1.0
i-Diario 1.1
i-Diario 1.2
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
marceloQz (VulDB User)
marceloQz (VulDB User)