CVE-2025-8369

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.9

Description A problematic vulnerability exists in Portabilis i-Educar 2.9. The issue affects unknown processing of the files /intranet/pesquisa pessoa lst.php and /intranet/educar avaliacao desempenho lst.php. Manipulation of the campo busca/cpf and titulo avaliacao arguments leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted regarding this disclosure but did not respond.

Recommendations For Portabilis i-Educar version 2.9, sanitize the campo busca/cpf argument in the /intranet/pesquisa pessoa lst.php file to prevent cross site scripting. For Portabilis i-Educar version 2.9, sanitize the titulo avaliacao argument in the /intranet/educar avaliacao desempenho lst.php file to prevent cross site scripting.