CNNVD-202507-2544 Information

Jul 20, 2025 cve

CNNVD ID

CNNVD-202507-2544

CVE-2025-7870

CNNVD Published: 2025-07-20

Description (Chinese)

Portabilisu202fi‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilisu202fi‑Diário 1.5.0版本存在代码注入漏洞，该漏洞源于justificativas-de-falta端点中参数Anexo处理不当导致跨站脚本。

Description (English)

Portabilisu 202fi — Diário is a system of management of the school calendar and teacher interaction, which is an open source in Portabilis, Brazil. Portabilisu 202fi-Diário 1.5.0 has a code-injection loophole, which stems from the mishandling of the parameter Anexo at the justificativas-de-falta endpoint, resulting in the cross-site script.

Hazard Level

Critical

Vulnerability Type

代码注入

Published

2025-07-20

Last Modified

2026-02-24

References

https://vuldb.com/?id.316983 https://github.com/CVE-Hunters/CVE/blob/main/i-diario/CVE-2025-7870.md https://vuldb.com/?ctiid.316983 https://vuldb.com/?submit.607947 https://access.redhat.com/security/cve/cve-2025-7870

Share on: