CNNVD-202507-2545 Information

Jul 20, 2025 cve

CNNVD ID

CNNVD-202507-2545

CVE-2025-7871

CNNVD Published: 2025-07-20

Description (Chinese)

Portabilisu202fi‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilisu202fi‑Diário 1.5.0版本存在代码注入漏洞，该漏洞源于文件/conteudos中参数filter[by_description]处理不当导致跨站脚本。

Description (English)

Portabilisu 202fi — Diário is a system of management of the school calendar and teacher interaction, which is an open source in Portabilis, Brazil. Portabilisu202fi – Diário 1.5.0 contains a code-injection loophole, which arises from the mishandling of the parameter file/conteudos; the error in handling the flyer [by description] resulted in the cross-site script.

Hazard Level

Critical

Vulnerability Type

代码注入

Published

2025-07-20

Last Modified

2026-02-24

References

https://github.com/CVE-Hunters/CVE/blob/main/i-diario/CVE-2025-7871.md https://vuldb.com/?submit.607948 https://vuldb.com/?ctiid.316984 https://vuldb.com/?id.316984 https://access.redhat.com/security/cve/cve-2025-7871

Share on: