CVE-2025-10372

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10

Description: A weakness exists in Portabilis i-Educar up to version 2.10. The issue involves manipulation of the nm tipo/descricao argument in an unknown function of the /intranet/educar modulo cad.php file, leading to cross site scripting. This attack can be initiated remotely. The exploit has been made publicly available.

Recommendations: Versions prior to 2.10 should be updated. As a temporary workaround, restrict access to the /intranet/educar modulo cad.php file to minimize the risk of exploitation. Avoid using the nm tipo/descricao argument in the affected file until the issue is resolved.