12 matches found
CVE-2025-9638
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
EUVD-2025-202286
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
CVE-2025-9638
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
CVE-2025-9638
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...
CVE-2025-10590
A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educarusuariodet.php. The manipulation of the argument refpessoa results in cross site scripting. The attack can be executed remotely. The exploit has been...
CVE-2025-10590 Portabilis i-Educar educar_usuario_det.php cross site scripting
A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educarusuariodet.php. The manipulation of the argument refpessoa results in cross site scripting. The attack can be executed remotely. The exploit has been...
CVE-2025-10099 Portabilis i-Educar Editar usuário educar_usuario_cad.php cross site scripting
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educarusuariocad.php of the component Editar usuário Page. This manipulation of the argument email/datainicial/dataexpiracao causes cross site...
CVE-2025-10099 Portabilis i-Educar Editar usuário educar_usuario_cad.php cross site scripting
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educarusuariocad.php of the component Editar usuário Page. This manipulation of the argument email/datainicial/dataexpiracao causes cross site...
CVE-2025-10099
CVE-2025-10099 affects Portabilis i-Educar up to v2.10. The issue is in /intranet/educar_usuario_cad.php (Editar usuário Page); manipulating parameters email, data_inicial, or data_expiracao leads to reflected XSS. Exploitation is remote and public. Some sources indicate versions up to 2.10 with ...
CVE-2025-8785 Portabilis i-Educar educar_usuario_lst.php cross site scripting
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educarusuariolst.php. The manipulation of the argument nmpessoa/matricula/matriculainterna leads to cross site scripting. The...
CVE-2025-8785
CVE-2025-8785 affects Portabilis i-Educar up to 2.9. The issue is a Cross-Site Scripting (XSS) vulnerability in the endpoint /intranet/educar_usuario_lst.php caused by improper handling of the nm_pessoa/matricula/matricula_interna parameters. An attacker can remotely trigger the flaw, and public ...