CNNVD-202508-2002 Information

Aug 18, 2025 cve

CNNVD ID

CNNVD-202508-2002

CVE-2025-9107

CNNVD Published: 2025-08-18

Description (Chinese)

Portabilis i‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilis i‑Diário 1.5.0及之前版本存在安全漏洞，该漏洞源于planos-de-ensino-por-areas-de-conhecimento未对参数进行过滤，导致远程攻击者可注入跨站脚本。

Description (English)

Portabilis i-Diário is an interactive management system for school calendars and teachers that is an open source in Portabilis, Brazil. Portabilis i-Diário 1.5.0 and previous versions contain a security loophole resulting from the lack of filtering of parameters in Planos-de-ensino-pro-areas-de-conhecimento, resulting in the injection of a remote attacker into a cross-site script.

Hazard Level

High

Vulnerability Type

其他

Published

2025-08-18

Last Modified

2026-02-24

References

https://github.com/marcelomulder/CVE/blob/main/i-diario/Reflected%20XSS%20endpoint%20search_autocomplete%20parameter%20q.md#poc https://vuldb.com/?id.320429 https://vuldb.com/?submit.627568 https://vuldb.com/?ctiid.320429 https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-9107.md https://nvd.nist.gov/vuln/detail/CVE-2025-9107

Share on: