Lucene search
K

794 matches found

Vulnrichment
Vulnrichment
added 2026/02/06 10:32 a.m.5 views

CVE-2026-2015 Portabilis i-Educar Final Status Import FinalStatusImportService.php improper authorization

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument schoolid can lead to improper authorization. The attack can be executed remotel...

6.5CVSS5.1AI score0.00307EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/06 10:32 a.m.10 views

CVE-2026-2015

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument schoolid can lead to improper authorization. The attack can be executed remotel...

6.5CVSS5.1AI score0.00307EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/06 10:32 a.m.12 views

CVE-2026-2015

CVE-2026-2015 affects Portabilis i-Educar up to version 2.10, in the Final Status Import component. The issue is an improper authorization vulnerability exploitable by manipulating the school_id argument inside FinalStatusImportService.php, with remote execution implied. Public PoC/exploit is ava...

8.8CVSS6.2AI score0.00307EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.8 views

Portábilis i-Educar 授权问题漏洞

Portábilis i-Educar is an application developed by Portábilis Corporation. It can conveniently assist you with basic education and technical training. Versions of Portábilis i-Educar 2.10 and earlier contained a licensing vulnerability. This vulnerability stemmed from incorrect handling of the...

8.8CVSS6.5AI score0.00307EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6716

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10 Description A weakness exists in Portabilis i-Educar up to version 2.10, specifically within the Final Status Import component. The issue involves improper authorization that can be triggered by...

6.5CVSS5.2AI score0.00307EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

i-Educar 代码注入漏洞

i-Educar is a free educational software developed by Portábilis. Versions of i-Educar 2.10 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the File parameter in the user data page file/intranet/meusdadod.php, which could lead to cross-site...

5.4CVSS5.7AI score0.00217EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.6 views

PT-2026-6782

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10 Description A security issue exists in Portabilis i-Educar. This issue involves the manipulation of the File argument within the /intranet/meusdadod.php file, specifically related to the User Data Page...

5.1CVSS3.6AI score0.00217EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/12/10 4:9 p.m.7 views

CVE-2025-9638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...

4.8CVSS5.1AI score0.00184EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202286

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...

4.8CVSS4.6AI score0.00184EPSS
Exploits1References3
NVD
NVD
added 2025/12/09 4:18 p.m.6 views

CVE-2025-9638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...

4.8CVSS0.00184EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/09 3:59 p.m.3 views

CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...

4.8CVSS4.7AI score0.00184EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/09 3:59 p.m.22 views

CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...

4.8CVSS0.00184EPSS
Exploits1References2
CVE
CVE
added 2025/12/09 3:59 p.m.11 views

CVE-2025-9638

Portabilis i-Educar 2.10.0 is affected by CVE-2025-9638. The issue is an Improper Neutralization of Input During Web Page Generation, allowing Stored Cross-Site Scripting via the matricula_interna parameter in educar_usuario_cad.php. No exploitation details are provided in the supplied documents....

4.8CVSS4.7AI score0.00184EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/12/09 3:59 p.m.4 views

CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting XSS via the matriculainterna parameter in the educarusuariocad.php endpoint. This issue affects i-Educar: 2.10.0...

4.8CVSS5.9AI score0.00184EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

i-Educar 安全漏洞

i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10.0, which stems from an improperly entered neutralization of the matriculainterna parameter in the educarusuariocad.php endpoint, which could lead to a stored cross-site...

4.8CVSS5.9AI score0.00184EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50091

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.10.0 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Stored Cross-Site Scripting XSS. The issue occurs via the matricula interna parameter in the...

4.8CVSS5.4AI score0.00184EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.5 views

CVE-2025-65022

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the...

7.2CVSS8.4AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.5 views

CVE-2025-65024

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

7.2CVSS8.3AI score0.00361EPSS
Exploits1References1
NVD
NVD
added 2025/11/19 4:15 p.m.7 views

CVE-2025-65024

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

7.2CVSS0.00361EPSS
Exploits1References2
NVD
NVD
added 2025/11/19 4:15 p.m.6 views

CVE-2025-65023

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

7.2CVSS0.00361EPSS
Exploits1References2
Rows per page
Query Builder