CNNVD-202508-848 Information

Aug 10, 2025 cve

CNNVD ID

CNNVD-202508-848

CVE-2025-8787

CNNVD Published: 2025-08-10

Description (Chinese)

Portabilis i‑Diário是巴西Portabilis开源的一个学校教学日历与教师互动管理系统。 Portabilis i‑Diário 1.5.0及之前版本存在代码注入漏洞，该漏洞源于文件/registros-de-conteudos-por-disciplina/中参数Registro de atividades/Conteúdos处理不当，可能导致跨站脚本攻击。

Description (English)

Portabilis i-Diário is an interactive management system for school calendars and teachers that is an open source in Portabilis, Brazil. Portabilis i-Diário 1.5.0 and previous versions had a code-injection loophole, which stemmed from the inappropriate handling of the parameter Registro de atividades/Conteúdos in document/registros-de-conteudos-pro-disciplina/, which could lead to cross-site script attacks.

Hazard Level

Critical

Vulnerability Type

代码注入

Published

2025-08-10

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.319315 https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-disciplina.(ID)%20in%20multiples%20parameters.md https://vuldb.com/?submit.625795 https://vuldb.com/?id.319315 https://access.redhat.com/security/cve/cve-2025-8787 https://nvd.nist.gov/vuln/detail/CVE-2025-8787

Share on: