Portabilis i-Educar Cross-Site Scripting Vulnerability in Level Education Registration Page

A stored cross-site scripting vulnerability has been identified in Portabilis i-Educar versions through 2.10. The issue resides in the '/intranet/educar_nivel_ensino_cad.php' file, where the 'nm_nivel' and 'descricao' parameters can be manipulated to inject malicious scripts. These scripts are stored on the server and executed automatically when the page is accessed, posing a significant security risk. The vulnerability can be exploited remotely, requiring user interaction.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the page. This could lead to session hijacking, credential theft, and other malicious actions as described in the vulnerability disclosure.

Reproduction

To reproduce this vulnerability, access the '/intranet/educar_nivel_ensino_cad.php' endpoint. Select the default option in the first field, then insert a payload into the 'nm_nivel' and 'descricao' fields. After clicking 'Salvar', the trigger page '/intranet/educar_transferencia_tipo_lst.php' will be activated automatically, executing the injected script. The vulnerability can also be confirmed by accessing the '/intranet/educar_nivel_ensino_det.php?cod_nivel_ensino=[id]' endpoint, which will show the executed payload.