PT-2024-36499 · Portabilis · Portabilis I-Educar

Regularus3R · Published 2024-12-18 · Updated 2025-07-03 · CVE-2024-55239

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9

Description: A reflected Cross-Site Scripting (XSS) issue exists in the standard documentation upload functionality, allowing an attacker to craft malicious URLs with arbitrary JavaScript in the titulo documento parameter. This enables the manipulation of URLs to inject malicious scripts.

Recommendations: For Portabilis i-Educar version 2.9, as a temporary workaround, consider restricting access to the documentation upload functionality until a patch is available. Avoid using the titulo documento parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-55239

Affected Products: Portabilis I-Educar