CNNVD-202508-845 Information
CNNVD ID
CNNVD-202508-845
Related CVE
- CNNVD Published: 2025-08-10
Description (Chinese)
i-Educar是Portábilis开源的一个免费教育软件。 i-Educar 2.9及之前版本存在代码注入漏洞,该漏洞源于文件/intranet/educar_usuario_lst.php中参数nm_pessoa/matricula/matricula_interna处理不当,可能导致跨站脚本攻击。
Description (English)
i-Educar is a free education software from Portábilis. i-Educar 2.9 and previous versions had a code injection loophole, which originated from the parameter nm pssoa/matricula/matricula interna in the document/intranet/educar usuario lst.php and could lead to a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
Portábilis
Published
2025-08-10
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.319313 https://github.com/marcelomulder/CVE/blob/main/i-educar/Reflected_XSS_endpoint_educar_usuario_lst.php_parameters_nm_pessoa https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-8785.md https://vuldb.com/?id.319313 https://vuldb.com/?submit.625788 https://access.redhat.com/security/cve/cve-2025-8785
Patch
https://github.com/portabilis/i-educar/releases
Share on: