Saipe

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar version 2.11 **Description** A security issue exists in Portabilis i-Educar 2.11 within the Endpoint component. Manipulation of the `Name` argument in the file /intranet/educar servidor curso lst.php can lead to cross site scripting. The attack can be initiated remotely. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** Versions prior to 2.11 should be considered for use. At the moment, there is no information about a newer version that contains a fix for this vulnerability.