CVE-2023-5578

Name of the Vulnerable Software and Affected Versions Portábilis i-Educar versions up to 2.7.5

Description A vulnerability was found in the HTTP GET Request Handler component, specifically in the file intranetagenda imprimir.php. The manipulation of the cod agenda argument with malicious input leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public.

Recommendations For versions up to 2.7.5, consider disabling the cod agenda argument in the HTTP GET Request Handler to minimize the risk of exploitation until a patch is available. Restrict access to the intranetagenda imprimir.php file to prevent remote attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.