CVE-2025-8370

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.9

Description A problematic issue exists in Portabilis i-Educar 2.9. The vulnerability is located in the /intranet/educar escolaridade lst.php file. Manipulation of the descricao parameter can lead to cross-site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted but did not respond.

Recommendations As a mitigation, consider restricting or disabling access to the /intranet/educar escolaridade lst.php file. Avoid using the descricao parameter in the affected file until the issue is resolved.