Fernanda Martins

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A cross-site scripting issue exists due to the manipulation of the `neighborhood name` argument in the file `/intranet/educar instituicao cad.php` of the Editar Page component. The attack can be initiated remotely. The exploit has been publicly disclosed. Recommendations: Versions prior to 2.11 are affected.

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions prior to 1.7 Description: A cross-site scripting issue exists in Portabilis i-Diario due to manipulation of the `código/objetivo habilidade` argument within an unknown function of the `/objetivos-de-aprendizagem-e-habilidades` file of the History Page component. This allows for remote attacks. The exploit has been publicly disclosed. Recommendations: Update Portabilis i-Diario to version 1.7 or later. As a temporary workaround, restrict or sanitize input to the `código/objetivo habilidade` argument in the `/objetivos-de-aprendizagem-e-habilidades` file.

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario version 1.6 Description: A vulnerability exists in Portabilis i-Diario 1.6 within the Dicionário de Termos BNCC Page component. Manipulation of the `Planos de ensino` argument in the `/dicionario-de-termos-bncc` file leads to cross site scripting. The attack can be launched remotely and the exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/dicionario-de-termos-bncc` file. Sanitize the `Planos de ensino` argument to prevent script injection.