Portabilis i-Educar
cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*
- 2.10
A stored cross-site scripting vulnerability has been identified in Portabilis i-Educar version 2.10. The issue resides in the file '/intranet/educar_motivo_afastamento_cad.php', specifically within the 'nm_motivo' parameter. This vulnerability allows for the injection of malicious scripts, which are then stored on the server and executed automatically when the affected page is accessed by users. The vulnerability can be exploited remotely, and a public exploit is available.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the page. This can lead to session hijacking, theft of cookies and credentials, and the execution of malware.
To reproduce this vulnerability, access the '/intranet/educar_motivo_afastamento_cad.php' endpoint. Select the default option in the first field ('Instituição') and insert a payload, such as an image tag with an 'onerror' event, into the second field ('Motivo de Afastamento'). After clicking 'Salvar', the trigger page '/intranet/educar_motivo_afastamento_lst.php' loads automatically and executes the injected script.
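The behaviour described above comes down to a stored 'nm_motivo' value being written into the page without HTML encoding. The following is an added example, not code from i-Educar: the function names, table markup and sample rows are hypothetical and constructed to contrast the unencoded output pattern with an encoded one.

```php
<?php
// Hypothetical helpers, not i-Educar source. They model a listing page that
// prints stored 'nm_motivo' values into an HTML table.

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so any tag saved through the form becomes part of the page.
function render_rows_unsafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . $row['nm_motivo'] . '</td></tr>' . "\n";
    }
    return $html;
}

// Hardened pattern: encode for the HTML context at output time, so the
// stored value is always displayed as text regardless of what was saved.
function render_rows_safe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $value = htmlspecialchars(
            (string) $row['nm_motivo'],
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
        $html .= '<tr><td>' . $value . '</td></tr>' . "\n";
    }
    return $html;
}

// Constructed sample rows standing in for records read from the database.
$rows = [
    ['nm_motivo' => 'Licença médica'],
    ['nm_motivo' => '<img src=x onerror=alert(1)>'],
];

$unsafe = render_rows_unsafe($rows);
$safe   = render_rows_safe($rows);

// Report whether each rendering still contains a live <img> element.
echo 'unsafe output contains <img tag: ';
var_dump(strpos($unsafe, '<img') !== false);
echo 'safe output contains <img tag: ';
var_dump(strpos($safe, '<img') !== false);
echo $safe;
```

Encoding at output time also neutralises values that were stored before any input validation was added.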