CVE-2026-2064

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

CVE-2025-11554

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

CVE-2025-10590 Portabilis i-Educar educar_usuario_det.php cross site scripting

A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educarusuariodet.php. The manipulation of the argument refpessoa results in cross site scripting. The attack can be executed remotely. The exploit has been...

PT-2025-38105

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10. The issue is related to cross site scripting in the file /intranet/educar calendario anotacao cad.php. Manipulation of the ...

CVE-2025-10372

CVE-2025-10372 affects Portabilis i-Educar up to version 2.10. The vulnerability is an XSS caused by manipulation of the nm_tipo/descricao argument in the file /intranet/educar_modulo_cad.php, which can be triggered remotely. Public exploit code is available. Remediation mentioned across sources ...

CVE-2025-10074 Portabilis i-Educar tipos cross site scripting

A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly...

CVE-2025-10073 Portabilis i-Educar turma improper authorization

A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-10072

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/IDSTUDENT/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and cou...

CVE-2025-10013

A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used...

CVE-2025-9723

A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educartiporegimecad.php. Performing manipulation of the argument nmtipo results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

CVE-2025-9723 Portabilis i-Educar educar_tipo_regime_cad.php cross site scripting

A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educartiporegimecad.php. Performing manipulation of the argument nmtipo results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

CVE-2025-9720

Portabilis i-Educar up to 2.10 is affected. The vulnerability lies in the /module/TabelaArredondamento/edit component (Cadastrar tabela de arredundamento Page) where manipulating the Nome argument enables cross-site scripting. The issue can be exploited remotely and exploits are public. Remediati...

CVE-2025-9608

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The...

CVE-2025-9687

A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made availab...

CVE-2025-9687 Portabilis i-Educar processamentoApi improper authorization

A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made availab...

CVE-2025-9607

A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Executing manipulation of the argument ID can lead to sql injection. The attack may be...

CVE-2025-9236

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educartipousuariolst.php of the component Tipos de usuàrio Page. Such manipulation of the argument nmtipo/descrição leads to sql injection. The attack may be performed from a...

CVE-2025-8784 Portabilis i-Educar Cadastrar Vínculo funcionario_vinculo_cad.php cross site scripting

A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionariovinculocad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. The attack ca...