CVE-2026-4355

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.11

Description A security issue exists in Portabilis i-Educar 2.11 within the Endpoint component. Manipulation of the Name argument in the file /intranet/educar servidor curso lst.php can lead to cross site scripting. The attack can be initiated remotely. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations Versions prior to 2.11 should be considered for use. At the moment, there is no information about a newer version that contains a fix for this vulnerability.