CNNVD-202508-846 Information

Aug 10, 2025 cve

CNNVD ID

CNNVD-202508-846

CVE-2025-8786

CNNVD Published: 2025-08-10

Description (Chinese)

Portabilis i‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilis i‑Diário 1.5.0及之前版本存在代码注入漏洞，该漏洞源于文件/registros-de-conteudos-por-areas-de-conhecimento/中参数Registro de atividades/Conteúdos处理不当，可能导致跨站脚本攻击。

Description (English)

Portabilis i-Diário is an interactive management system for school calendars and teachers that is an open source in Portabilis, Brazil. Portabilis i-Diário 1.5.0 and previous versions had a code-injecting loophole, which originated in document/registros-de-conteudos-pro-areas-de-conhecimento/mediate parameter Registro de atividades/Conteúdos, which could lead to cross-script attacks.

Hazard Level

Critical

Vulnerability Type

代码注入

Published

2025-08-10

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.319314 https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8786.md https://vuldb.com/?submit.625794 https://vuldb.com/?id.319314 https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-areas-de-conhecimento.(ID)%20in%20multiples%20parameters.md https://access.redhat.com/security/cve/cve-2025-8786 https://nvd.nist.gov/vuln/detail/CVE-2025-8786

Share on: