Primary

Context

Portabilis i-Educar Cross-Site Scripting Vulnerability in Editar Page

Vulnerability

A stored cross-site scripting vulnerability has been identified in Portabilis i-Educar versions through 2.10. The issue arises in the Editar Page, specifically within the neighborhood name parameter of the '/intranet/educar_instituicao_cad.php' file. The vulnerability allows for the injection of arbitrary JavaScript, which is executed when the user navigates away from the page and then returns.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, navigate to the 'Editar' option under 'Cadastro > Instituição'. Once there, insert a script payload into the neighborhood input field. After saving the changes, the injected script will execute when the page is revisited.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Portabilis i-Educar Cross-Site Scripting Vulnerability in Editar Page

Vulnerability

Impact

Reproduction

Affected Products

Portabilis i-Educar

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating