CNNVD-202508-1396 Information
CNNVD ID
CNNVD-202508-1396
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
i-Educar是Portábilis开源的一个免费教育软件。 i-Educar 2.10及之前版本存在代码注入漏洞,该漏洞源于文件/intranet/educar_instituicao_cad.php中neighborhood name参数操作导致跨站脚本攻击。
Description (English)
i-Educar is a free education software from Portábilis. i-Educar 2.10 and previous versions contain code-injection holes, which stem from the operation of neighborhood name parameters in file/intranet/educar instituicao cad.php leading to a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
Portábilis
Published
2025-08-13
Last Modified
2026-02-24
References
https://github.com/FeMarb/CVEs/blob/6eeefb2749bb6165557ed4664a0680456131e4de/i-educar/Cross-Site%20Scripting%20(XSS)%20Storage%20in%20endpoint%20_educar_instituicao_cad.php%20parameter%20neighborhood%20name.md https://vuldb.com/?ctiid.319877 https://vuldb.com/?id.319877 https://vuldb.com/?submit.629164
Patch
https://benjaminconstant-am.portabilis.com.br/
Share on: