A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 27 Sep 2025 00:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:portabilis:i-educar:2.10.0:*:*:*:*:*:*:*

Tue, 19 Aug 2025 06:00:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected is an unknown function of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Portabilis i-Educar Agenda Module agenda.php cross site scripting Portabilis i-Educar Agenda agenda.php cross site scripting
References

Wed, 13 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:portabilis:i-educar:2.9.0:*:*:*:*:*:*:*

Tue, 22 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 20 Jul 2025 04:30:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected is an unknown function of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Portabilis i-Educar Agenda Module agenda.php cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-19T05:47:19.745Z

Reserved: 2025-07-19T05:52:47.739Z

Link: CVE-2025-7867

cve-icon Vulnrichment

Updated: 2025-07-22T13:57:06.305Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-20T05:15:41.710

Modified: 2025-09-27T00:28:06.167

Link: CVE-2025-7867

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-21T15:16:58Z