Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar version 2.10

Description:

A problematic issue exists in Portabilis i-Educar 2.10 related to cross site scripting. The issue is located in the file `/intranet/public municipio cad.php`, where manipulation of the `nome` argument can trigger the vulnerability. The attack can be initiated remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations:

As a mitigation, consider restricting or carefully validating user input for the `nome` argument in the `/intranet/public municipio cad.php` file.