CNNVD-202508-2000 Information

Aug 18, 2025 cve

CNNVD ID

CNNVD-202508-2000

CVE-2025-9104

CNNVD Published: 2025-08-18

Description (Chinese)

Portabilis i‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilis i‑Diário 1.5.0及之前版本存在安全漏洞，该漏洞源于planos-de-ensino-por-areas-de-conhecimento未对参数进行过滤，导致远程攻击者可注入跨站脚本。

Description (English)

Portabilis i-Diário is an interactive management system for school calendars and teachers that is an open source in Portabilis, Brazil. Portabilis i-Diário 1.5.0 and previous versions contain a security loophole resulting from the lack of filtering of parameters in Planos-de-ensino-pro-areas-de-conhecimento, resulting in the injection of a remote attacker into a cross-site script.

Hazard Level

Critical

Vulnerability Type

其他

Published

2025-08-18

Last Modified

2026-02-24

References

https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20planos-de-aulas-por-disciplina.(ID)%20in%20multiples%20parameters.md#poc https://vuldb.com/?id.320426 https://vuldb.com/?submit.627565 https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-9104.md https://vuldb.com/?ctiid.320426 https://nvd.nist.gov/vuln/detail/CVE-2025-9104

Share on: