Vini_Castro

**Name of the Vulnerable Software and Affected Versions** projeto-siga siga version 11.0.3.18 **Description** Cross site scripting can be initiated remotely via the manipulation of the `Nome/Descrição` argument within an unknown function of the '/sigawf/app/responsavel/novo' file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar versions up to 2.10 **Description** A weakness exists in Portabilis i-Educar up to version 2.10, specifically within the Final Status Import component. The issue involves improper authorization that can be triggered by manipulating the `school id` argument within an unknown function of the `FinalStatusImportService.php` file. This manipulation can be executed remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** Versions prior to 2.10 should be updated. As a temporary workaround, consider restricting access to the `FinalStatusImportService.php` file to minimize the risk of exploitation.