Portabilis i-Educar Cross-Site Scripting Vulnerability in Module Registration

A cross-site scripting (XSS) vulnerability has been identified in Portabilis i-Educar versions through 2.10. The issue resides in the '/intranet/educar_modulo_cad.php' file, where the 'nm_tipo' and 'descricao' parameters can be manipulated to inject malicious scripts. These scripts are stored on the server and executed automatically when the affected page is accessed, posing a significant security risk. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the page. This could lead to session hijacking, credential theft, and other malicious actions as described in the vulnerability's impact section.

Reproduction

To reproduce this vulnerability, access the '/intranet/educar_modulo_cad.php' endpoint. Select the default option in the first field, then insert a payload into the 'nm_tipo' and 'descricao' fields. After entering '4' in the 'Número de etapas' field, click 'Salvar'. This action will trigger the vulnerability by executing the injected script. The same payload can be used in the 'descricao' field to achieve the same effect.