CVE-2024-12893

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.9

Description A problematic issue has been found in Portabilis i-Educar, affecting some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the name argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For Portabilis i-Educar versions up to 2.9, as a temporary workaround, consider restricting access to the /usuarios/tipos/2 file of the Tipo de Usuário Page component until a patch is available. Avoid using the name argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.