CVE-2025-9106 Information

Aug 19, 2025 cve

Description

A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-9106%20.md https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20planos-de-ensino-por-disciplina.(ID)%20in%20multiples%20parameters.md#poc https://vuldb.com/?ctiid.320428 https://vuldb.com/?id.320428 https://vuldb.com/?submit.627567 https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-9106%20.md https://vuldb.com/?submit.627567

CNNVD-202508-2001 (Published: 2025-08-18)

Share on:

CVE-2025-9106 Information

Description

Reference

Related CNNVD