PT-2025-20316 · I-Educar · I-Educar

Published 2025-05-07 · Updated 2025-05-08 · CVE-2024-55651

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

i-Educar version 2.9

Description

i-Educar is free, fully online school management software. The application fails to properly validate and sanitize user-supplied input, leading to a stored cross-site scripting issue in the Tipo de Usuário input field. Through this attack vector, a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions.

Recommendations

As a temporary workaround, consider restricting access to the Tipo de Usuário input field until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-55651
GHSA-8FJJ-9937-G84W

Affected Products

I-Educar