EUVD-2025-24590

Malicious code in bioql PyPI...

i-Educar 安全漏洞

i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10 and earlier, which stems from a SQL injection attack due to the incorrect manipulation of the parameter ID in the file /module/TabelaArredondamento/view...

CVE-2025-8543

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educarracacad.php. The manipulation of the argument nmraca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-8544

A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploi...

CVE-2025-8508

A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educaravaliacaodesempenhocad.php. The manipulation of the argument tituloavaliacao/descricao leads to cross site scripting. T...

CVE-2025-8543

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educarracacad.php. The manipulation of the argument nmraca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-8509 Portabilis i-Educar educar_servidor_cad.php cross site scripting

A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educarservidorcad.php. The manipulation of the argument matricula leads to cross site scripting. The attack may be launched remotely...

CVE-2025-8507

CVE-2025-8507 affects Portabilis i-Educar 2.9. The vulnerability targets an unknown function in the file /intranet/educar_funcao_lst.php, where manipulating the nm_funcao/abreviatura parameter leads to cross-site scripting. It can be exploited remotely and an exploit has been disclosed publicly. ...

CVE-2025-8507 Portabilis i-Educar educar_funcao_lst.php cross site scripting

A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educarfuncaolst.php. The manipulation of the argument nmfuncao/abreviatura leads to cross site scripting. It is possible to launch the attack remotely...

CVE-2025-8366 Portabilis i-Educar educar_servidor_lst.php cross site scripting

A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educarservidorlst.php. The manipulation of the argument nome/matriculaservidor leads to cross site scripting. The attack may be launch...

CVE-2025-8365

A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file atendidoscad.php. The manipulation of the argument nome/nomesocial/email leads to cross site scripting. The attack can be launched...

PT-2025-31478 · Unknown · Portabilis I-Educar

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9 Description: A problematic vulnerability exists in Portabilis i-Educar 2.9. The vulnerability affects unknown code within the /intranet/pesquisa pessoa lst.php file. Manipulation of the campo busca/cpf argument...

PT-2025-31472 · Unknown · Portabilis I-Educar

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.10 Description: A flaw exists in Portabilis i-Educar 2.10 within the atendidos cad.php file. Manipulation of the nome/nome social/email argument can trigger cross-site scripting. This issue is remotely exploitabl...

CVE-2025-7111 Portabilis i-Educar Course Module educar_curso_det.php cross site scripting

A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educarcursodet.php?codcurso=ID of the component Course Module. The manipulation of the argument Curso leads to cross site scripting. The attack...

CVE-2023-5578

A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agendaimprimir.php of the component HTTP GET Request Handler. The manipulation of the argument codagenda with the inp...

CVE-2024-55651

i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type Tipo de Usuário input field. Through this attacker vector...

CVE-2024-55651

CVE-2024-55651 pertains to i-Educar (version 2.9) where the application fails to validate and sanitize input in the user type field, causing a stored cross-site scripting (XSS) vulnerability. The root cause is improper input handling of the Tipo de Usuário field, which could allow an attacker to ...

CVE-2024-45059

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...

CVE-2024-45058

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator or...