A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
History

Sun, 31 Aug 2025 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Portabilis
Portabilis i-educar
Vendors & Products Portabilis
Portabilis i-educar

Fri, 29 Aug 2025 21:30:00 +0000

Type Values Removed Values Added
References

Fri, 29 Aug 2025 21:15:00 +0000


Fri, 29 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Title Portabilis i-Educar Cadastrar projeto educar_projeto_cad.php cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-29T21:04:29.224Z

Reserved: 2025-08-29T06:54:18.967Z

Link: CVE-2025-9653

cve-icon Vulnrichment

Updated: 2025-08-29T14:50:03.123Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T15:15:38.143

Modified: 2025-08-29T21:15:37.100

Link: CVE-2025-9653

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-31T08:41:35Z