Raulpacxxx

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar version 2.9.0 **Description** A problematic issue exists due to cross site scripting. The manipulation of the argument `Deficiência ou Transtorno` within the file `/intranet/educar deficiencia lst.php` of the Disabilities Module can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/intranet/educar deficiencia lst.php` file until a fix is available. Sanitize the `Deficiência ou Transtorno` argument to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Mercusys MW301R version 1.0.2 Build 190726 Rel.59423n **Description** A vulnerability exists in the Login component of Mercusys MW301R. The issue involves improper restriction of excessive authentication attempts. The attack can only be initiated within the local network and is considered difficult to exploit. The exploit has been publicly disclosed. The vendor was contacted about this disclosure but did not respond. **Recommendations** Update to a newer version of Mercusys MW301R firmware that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** Mercusys MW301R version 1.0.2 Build 190726 Rel.59423n **Description** A vulnerability exists in the Web Interface component of Mercusys MW301R. Manipulation of the `code` argument allows for weak password recovery, and the attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Mercusys MW301R version 1.0.2 Build 190726 Rel.59423n: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar version 2.9.0 **Description** A cross-site scripting issue exists due to the manipulation of the `nm tipo` argument in the file `intranet/educar turma tipo det.php?cod turma tipo=ID` of the Turma Module. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Address the issue by sanitizing the `nm tipo` argument in the `intranet/educar turma tipo det.php` file.

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar version 2.9.0 **Description** A cross-site scripting issue exists due to the manipulation of the `Motivo` argument within the Calendar Module. The vulnerability is located in the `/intranet/educar calendario dia motivo cad.php` file. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting or carefully validating the `Motivo` argument to prevent malicious script injection.

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar version 2.9.0 **Description** A problematic issue exists in the Agenda Module of Portabilis i-Educar 2.9.0. The issue is due to cross site scripting resulting from manipulation of the `novo titulo` argument in the `/intranet/agenda.php` file. This can be exploited remotely. The details of the issue have been publicly disclosed. **Recommendations** Address the manipulation of the `novo titulo` argument in the `/intranet/agenda.php` file.

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9.0 Description: A problematic vulnerability was found in the School Module component, specifically affecting the /intranet/educar escola lst.php file. The manipulation of the `Escola` argument leads to cross-site scripting. This issue can be exploited remotely. The vendor was contacted about the disclosure but did not respond. Recommendations: For Portabilis i-Educar version 2.9.0, consider disabling access to the /intranet/educar escola lst.php file or restricting the manipulation of the `Escola` argument to minimize the risk of cross-site scripting exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9.0 Description: A problematic issue has been found in the Student Benefits Registration component, specifically in the file /intranet/educar aluno beneficio lst.php. The manipulation of the `Benefício` argument leads to cross-site scripting. This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations: For version 2.9.0, as a temporary workaround, consider restricting access to the `/intranet/educar aluno beneficio lst.php` file until a patch is available. Avoid using the `Benefício` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9.0 Description: A vulnerability has been found in the component Course Module, affecting the file /intranet/educar curso det.php?cod curso=ID. The manipulation of the `Curso` argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For version 2.9.0, as a temporary workaround, consider restricting access to the `/intranet/educar curso det.php` endpoint until a patch is available. Avoid using the `cod curso` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9.0 Description: A vulnerability was found in the Function Management Module, affecting the processing of the file /intranet/educar funcao det.php?cod funcao=COD&ref cod instituicao=COD. The manipulation of the argument `Função` leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For version 2.9.0, as a temporary workaround, consider disabling the `Função` argument in the /intranet/educar funcao det.php file until a patch is available. Restrict access to the Function Management Module to minimize the risk of exploitation. Avoid using the `cod funcao` and `ref cod instituicao` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9.0 Description: A vulnerability was found in the Curricular Components Module of Portabilis i-Educar, affecting an unknown function of the file "/module/ComponenteCurricular/edit?id=ID". The manipulation of the `Nome` argument leads to cross-site scripting. This issue can be exploited remotely. The vendor was contacted about the disclosure but did not respond. Recommendations: For version 2.9.0, as a temporary workaround, consider restricting access to the "/module/ComponenteCurricular/edit?id=ID" endpoint to minimize the risk of exploitation. Avoid using the `Nome` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LabRedesCefetRJ WeGIA version 3.4.0 Description: A vulnerability has been found in the component Adicionar Unidade, specifically affecting the file /html/matPat/adicionar unidade.php. The manipulation of the argument `Insira a nova unidade` leads to cross-site scripting. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond. Recommendations: For LabRedesCefetRJ WeGIA version 3.4.0, as a temporary workaround, consider restricting access to the `/html/matPat/adicionar unidade.php` file to minimize the risk of exploitation. Avoid using the argument `Insira a nova unidade` in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LabRedesCefetRJ WeGIA version 3.4.0 Description: A vulnerability was found in the file /html/matPat/adicionar tipoSaida.php of the component Adicionar tipo. The manipulation of the argument `Insira o novo tipo` leads to cross site scripting. The attack may be launched remotely. Recommendations: For version 3.4.0, as a temporary workaround, consider restricting access to the `/html/matPat/adicionar tipoSaida.php` file until a patch is available. Avoid using the argument `Insira o novo tipo` in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LabRedesCefetRJ WeGIA version 3.4.0 Description: A problematic vulnerability has been found in the Cadastro de Funcionário component, specifically affecting the /html/funcionario/cadastro funcionario.php file. The issue is related to the manipulation of the `Nome/Sobrenome` argument, which leads to cross-site scripting. This can be initiated remotely. Recommendations: For version 3.4.0, as a temporary workaround, consider restricting access to the `cadastro funcionario.php` file until a patch is available. Avoid using the `Nome/Sobrenome` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LabRedesCefetRJ WeGIA version 3.4.0 Description: A vulnerability was found in the processing of the file /html/matPat/adicionar categoria.php of the component Additional Categoria. The manipulation of the argument `Insira a nova categoria` leads to cross-site scripting. The attack may be initiated remotely. Recommendations: For version 3.4.0, as a temporary workaround, consider restricting access to the file /html/matPat/adicionar categoria.php to minimize the risk of exploitation. Avoid using the argument `Insira a nova categoria` in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LabRedesCefetRJ WeGIA version 3.4.0 Description: A vulnerability was found in the file /html/matPat/adicionar tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument `Insira o novo tipo` leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For version 3.4.0, as a temporary workaround, consider restricting access to the file /html/matPat/adicionar tipoEntrada.php to minimize the risk of exploitation. Avoid using the argument `Insira o novo tipo` in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LabRedesCefetRJ WeGIA version 3.4.0 Description: A vulnerability was found in the Cadastro de Atendio component, specifically in the file /html/atendido/Cadastro Atendido.php. The manipulation of the `Nome/Sobrenome` argument leads to cross-site scripting. This issue can be exploited remotely. Recommendations: For version 3.4.0, consider restricting access to the vulnerable file Cadastro Atendido.php to minimize the risk of exploitation. As a temporary workaround, avoid using the `Nome/Sobrenome` argument in the affected component until a patch is available.

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A vulnerability was found in the System Settings Page of the component, affecting an unknown functionality of the file /script/admin/system. The manipulation of the argument `School Name` leads to cross-site scripting. The attack can be launched remotely. Recommendations: For SourceCodester Student Result Management System version 1.0, as a temporary workaround, consider restricting access to the System Settings Page or disabling the manipulation of the `School Name` argument until a patch is available. Avoid using the `School Name` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A vulnerability was found in the Manage Students Module, affecting some unknown processing of the file /script/admin/manage students. This issue leads to cross-site scripting and can be initiated remotely. Recommendations: For SourceCodester Student Result Management System version 1.0, consider restricting access to the /script/admin/manage students file until a patch is available. As a temporary workaround, avoid using the Manage Students Module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester My Food Recipe version 1.0 Description: A vulnerability was found in the function `addRecipeModal` of the file `/endpoint/add-recipe.php` of the component Add Recipe Page. The manipulation of the argument `Name` leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For version 1.0, consider disabling the `addRecipeModal` function until a patch is available. Restrict access to the `/endpoint/add-recipe.php` endpoint to minimize the risk of exploitation. Avoid using the `Name` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.