Portabilis i-Educar har 2.10 Editar Page educar_instituicao_cad.php neighborhood name Cross Site Scripting

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a Portabilis i-Educar har 2.10. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /intranet/educar_instituicao_cad.php, a cikin sashi Editar Page. Wuro manipulation of the argument neighborhood name ga Cross Site Scripting. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-79. Lalle, rauni an sanar da shi 08/13/2025 daga Fernanda Martins. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-8918. Ngam yiɗi ka a tuma ndiyam ka nder internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Goyarwa · 99 Datenpunkte

FurɗeSúgá
08/13/2025 12:58		Gargadi 1/2
08/14/2025 12:28		Gargadi 2/2
08/14/2025 13:16
software_vendorPortabilisPortabilisPortabilis
software_namei-Educari-Educari-Educar
software_version<=2.10<=2.10<=2.10
software_componentEditar PageEditar PageEditar Page
software_file/intranet/educar_instituicao_cad.php/intranet/educar_instituicao_cad.php/intranet/educar_instituicao_cad.php
software_argumentneighborhood nameneighborhood nameneighborhood name
vulnerability_cweCWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)CWE-79 (Cross Site Scripting)
vulnerability_risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
advisory_urlhttps://github.com/FeMarb/CVEs/blob/6eeefb2749bb6165557ed4664a0680456131e4de/i-educar/Cross-Site%20Scripting%20(XSS)%20Storage%20in%20endpoint%20_educar_instituicao_cad.php%20parameter%20neighborhood%20name.mdhttps://github.com/FeMarb/CVEs/blob/6eeefb2749bb6165557ed4664a0680456131e4de/i-educar/Cross-Site%20Scripting%20(XSS)%20Storage%20in%20endpoint%20_educar_instituicao_cad.php%20parameter%20neighborhood%20name.mdhttps://github.com/FeMarb/CVEs/blob/6eeefb2749bb6165557ed4664a0680456131e4de/i-educar/Cross-Site%20Scripting%20(XSS)%20Storage%20in%20endpoint%20_educar_instituicao_cad.php%20parameter%20neighborhood%20name.md
person_nameFernanda MartinsFernanda MartinsFernanda Martins
exploit_availability111
exploit_publicity111
exploit_urlhttps://github.com/FeMarb/CVEs/blob/6eeefb2749bb6165557ed4664a0680456131e4de/i-educar/Cross-Site%20Scripting%20(XSS)%20Storage%20in%20endpoint%20_educar_instituicao_cad.php%20parameter%20neighborhood%20name.mdhttps://github.com/FeMarb/CVEs/blob/6eeefb2749bb6165557ed4664a0680456131e4de/i-educar/Cross-Site%20Scripting%20(XSS)%20Storage%20in%20endpoint%20_educar_instituicao_cad.php%20parameter%20neighborhood%20name.mdhttps://github.com/FeMarb/CVEs/blob/6eeefb2749bb6165557ed4664a0680456131e4de/i-educar/Cross-Site%20Scripting%20(XSS)%20Storage%20in%20endpoint%20_educar_instituicao_cad.php%20parameter%20neighborhood%20name.md
source_cveCVE-2025-8918CVE-2025-8918CVE-2025-8918
cna_responsibleVulDBVulDBVulDB
response_summaryThe vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auMMM
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_prHHH
cvss4_vuldb_uiPPP
cvss4_vuldb_vcNNN
cvss4_vuldb_viLLL
cvss4_vuldb_vaNNN
cvss4_vuldb_ePPP
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore3.33.33.3
cvss2_vuldb_tempscore2.82.82.8
cvss3_vuldb_basescore2.42.42.4
cvss3_vuldb_tempscore2.22.22.2
cvss3_meta_basescore2.43.23.2
cvss3_meta_tempscore2.23.13.1
cvss4_vuldb_bscore4.84.84.8
cvss4_vuldb_btscore1.91.91.9
advisory_date1755036000 (08/13/2025)1755036000 (08/13/2025)1755036000 (08/13/2025)
price_0day$0-$5k$0-$5k$0-$5k
cvss2_cna_iiPP
cvss2_cna_aiNN
cvss2_cna_basescore3.33.3
cve_nvd_summaryA vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_avNN
cvss4_cna_acLL
cvss4_cna_atNN
cvss4_cna_prHH
cvss4_cna_uiPP
cvss4_cna_vcNN
cvss4_cna_viLL
cvss4_cna_vaNN
cvss4_cna_scNN
cvss4_cna_siNN
cvss4_cna_saNN
cvss4_cna_bscore4.84.8
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prHH
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cNN
cvss3_cna_iLL
cvss3_cna_aNN
cvss3_cna_basescore2.42.4
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prHH
cvss3_nvd_uiRR
cvss3_nvd_sCC
cvss3_nvd_cLL
cvss3_nvd_iLL
cvss3_nvd_aNN
cvss3_nvd_basescore4.84.8
cvss2_cna_avNN
cvss2_cna_acLL
cvss2_cna_auMM
cvss2_cna_ciNN
cve_nvd_summaryesSe encontró una vulnerabilidad en Portabilis i-Educar hasta la versión 2.10. Este problema afecta a un procesamiento desconocido del archivo /intranet/educar_instituicao_cad.php del componente Editar Page. La manipulación del argumento "neighbourname" provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.

GurɗoGumtiGada

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!