CVE-2025-8541

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.10

Description A vulnerability exists in Portabilis i-Educar 2.10 related to cross site scripting. The issue is located in the /intranet/public uf cad.php file, where manipulation of the nome argument can trigger the vulnerability. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting access to the /intranet/public uf cad.php file until a patch is available. Sanitize the nome argument to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-8541

Affected Products

Portabilis I-Educar

CVE-2025-8541

Weakness Enumeration

Related Identifiers

Affected Products

References · 11