CVE-2025-7868

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.9.0

Description A cross-site scripting issue exists due to the manipulation of the Motivo argument within the Calendar Module. The vulnerability is located in the /intranet/educar calendario dia motivo cad.php file. The attack can be launched remotely. The exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting or carefully validating the Motivo argument to prevent malicious script injection.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-7868

Affected Products

I-Educar

CVE-2025-7868

Weakness Enumeration

Related Identifiers

Affected Products

References · 15