Portabilis i-Educar
0 remedies
cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*
0 remedies
- <= 2.10
Portabilis i-Educar Cross-Site Scripting Vulnerability in agenda_preferencias.php
Vulnerability
A reflected cross-site scripting vulnerability has been identified in Portabilis i-Educar versions through 2.10. The issue arises in the agenda_preferencias.php file, where the tipoacao parameter is not properly validated or sanitized. This flaw allows remote attackers to inject malicious scripts that are executed in the context of the user's browser.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed immediately in the victim's browser. This could lead to session hijacking, credential theft, malware delivery, phishing attacks, reputation damage, and client-side manipulation of the application.
Reproduction
To reproduce this vulnerability, log into the i-Educar application and send a POST request to the agenda_preferencias.php endpoint. Include a script payload in the tipoacao parameter. The injected script will be executed when the crafted request is processed by the application.
Added: Sep 17, 2025, 6:25 PM
Updated: Sep 17, 2025, 8:34 PM
Vulnerability Rating
Custom Algorithm
spread
1.9impact
3.5exploitability
7.7remediation
0.0relevance
0.5threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.