Cross Site Scripting in Portabilis i-Diario Affects User Input Handling
CVE-2025-9107

5.3 MEDIUM

Key Information:

Vendor

Portabilis

Status
Vendor
CVE Published: 18 August 2025

What is CVE-2025-9107?

A vulnerability has been identified in Portabilis i-Diario where improper handling of user-supplied input in the /alunos/search_autocomplete function can lead to cross-site scripting (XSS). This allows attackers to execute arbitrary scripts in the context of a user's session. The vulnerability affects versions up to 1.5.0 and can be exploited remotely by manipulating the 'q' argument to inject malicious scripts. Despite early notification, the vendor has not responded regarding this issue, which increases the risk of exploitation.

Affected Version(s)

i-Diario 1.0

i-Diario 1.1

i-Diario 1.2

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)