CNNVD-202508-847 Information

Aug 10, 2025 cve

CNNVD ID

CNNVD-202508-847

CVE-2025-8788

CNNVD Published: 2025-08-10

Description (Chinese)

Portabilis i‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilis i‑Diário 1.5.0及之前版本存在代码注入漏洞，该漏洞源于文件/planos-de-aula-por-areas-de-conhecimento/中参数Parecer/Conteúdos/Objetivos处理不当，可能导致跨站脚本攻击。

Description (English)

Portabilis i-Diário is an interactive management system for school calendars and teachers that is an open source in Portabilis, Brazil. Portabilis i-Diário 1.5.0 and previous versions had a code-injection loophole, which originated in the medium-parameter Parecer/Conteúdos/Objetivos document/planos-de-aula-poor-areas-de-conhecimento/ did not handle properly and could lead to a cross-script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Published

2025-08-10

Last Modified

2026-02-24

References

https://vuldb.com/?id.319316 https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8788.md https://vuldb.com/?ctiid.319316 https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20planos-de-aula-por-areas-de-conhecimento.(ID)%20in%20multiples%20parameters.md https://vuldb.com/?submit.625799 https://access.redhat.com/security/cve/cve-2025-8788 https://nvd.nist.gov/vuln/detail/CVE-2025-8788

Share on: