CNNVD-202602-957 Information

CNNVD ID

CNNVD-202602-957

Related CVE

CVE-2026-2064

• CNNVD Published: 2026-02-06

Description (Chinese)

i-Educar是Portábilis开源的一个免费教育软件。 i-Educar 2.10及之前版本存在代码注入漏洞，该漏洞源于对用户数据页面文件/intranet/meusdadod.php中参数File的错误操作，可能导致跨站脚本攻击。

Description (English)

i-Educar is a free education software from Portábilis. i-Educar 2.10 and previous versions contain a code-injection loophole that results from an error in File, the parameter in the user data page file/intranet/meusdadod.php, which may result in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

Portábilis

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/nmmorette/vulnerability-research/tree/main/XSS-Idiario https://vuldb.com/?ctiid.344631 https://vuldb.com/?id.344631 https://vuldb.com/?submit.745108 https://access.redhat.com/security/cve/cve-2026-2064