Portabilis i-Educar Cross-Site Scripting Vulnerability in Type Occurrence Disciplinary Registration Endpoint

A stored cross-site scripting vulnerability has been identified in Portabilis i-Educar versions through 2.10. The issue resides in the '/intranet/educar_tipo_ocorrencia_disciplinar_cad.php' file, where the 'nm_tipo' and 'descricao' parameters can be manipulated to inject malicious scripts. These scripts are stored on the server and executed automatically when the affected page is accessed, posing a significant security risk. The vulnerability can be exploited remotely, and the injected scripts could be used to steal session cookies, credentials, or sensitive information, hijack the user's browser, download malware, deface websites, misdirect users, and damage a business's reputation.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the page. This could lead to session hijacking, credential theft, distribution of malware, browser exploitation, and defacement of websites, among other risks.

Reproduction

To reproduce this vulnerability, access the '/intranet/educar_tipo_ocorrencia_disciplinar_cad.php' endpoint. Select the default option in the first field, then insert a payload into the 'nm_tipo' and 'descricao' fields. After clicking 'Salvar', the trigger page '/intranet/educar_tipo_ocorrencia_disciplinar_lst.php' will be activated automatically, executing the injected script. The vulnerability can also be confirmed by accessing another affected endpoint with the injected payload.