Portabilis i-Educar Cross-Site Scripting Vulnerability in Cadastrar Projeto Page

A stored cross-site scripting vulnerability has been identified in Portabilis i-Educar versions through 2.10. The issue resides in the Cadastrar projeto Page, specifically within the /intranet/educar_projeto_cad.php file. The vulnerability allows for the injection of malicious scripts via the nome and observacao parameters. These injected scripts are stored on the server and executed automatically when the affected page is accessed by users, posing a significant security risk.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the page. This could lead to session hijacking, credential theft, and other malicious actions as described in the vulnerability details.

Reproduction

To reproduce this vulnerability, access the /intranet/educar_projeto_cad.php endpoint. Insert a payload, such as an image tag with an error event (e.g., an alert), into the 'Nome do Projeto' and 'Observação' fields. After saving, the payload will be executed when the trigger page, /intranet/educar_projeto_lst.php, is accessed.