CVE-2025-8346

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.10

Description A cross-site scripting issue exists due to the improper handling of user-supplied input. Specifically, manipulating the ref cod matricula argument with the input "> can trigger the vulnerability. The issue resides within the /educar aluno lst.php file. The exploit has been publicly disclosed and may be used. The vendor was contacted but did not respond.

Recommendations Update to a newer version of Portabilis i-Educar that addresses this issue. As a temporary workaround, sanitize the ref cod matricula input to prevent the injection of malicious code.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-8346

Affected Products

Portabilis I-Educar

CVE-2025-8346

Weakness Enumeration

Related Identifiers

Affected Products

References · 8