CVE-2025-8540

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.10

Description A problematic issue exists in Portabilis i-Educar 2.10 related to cross site scripting. The issue is located in the file /intranet/public municipio cad.php, where manipulation of the nome argument can trigger the vulnerability. The attack can be initiated remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations As a mitigation, consider restricting or carefully validating user input for the nome argument in the /intranet/public municipio cad.php file.