CNNVD-202508-1434 Information
CNNVD ID
CNNVD-202508-1434
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
Portabilis i‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilis i‑Diário 1.6版本存在代码注入漏洞,该漏洞源于对文件/dicionario-de-termos-bncc中参数Planos de ensino的错误操作导致跨站脚本攻击。
Description (English)
Portabilis i-Diário is an interactive management system for school calendars and teachers that is an open source in Portabilis, Brazil. Version 1.6 of Portabilis i-Diário contains a code-injection loophole resulting from an error in the use of the parameter Planos de ensino in the document/diciorio-de-termos-bncc, resulting in a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Published
2025-08-13
Last Modified
2026-02-24
References
https://github.com/FeMarb/CVEs/blob/6eeefb2749bb6165557ed4664a0680456131e4de/I-diario/Cross-Site%20Scripting%20(XSS)%20Storage%20in%20endpoint%20_dicionario-de-termos-bncc%20parameter%20Planos%20de%20ensino%20input%20field.md https://vuldb.com/?ctiid.319879 https://vuldb.com/?id.319879 https://vuldb.com/?submit.629168
Patch
https://benjaminconstant-am.portabilis.com.br/
Share on: