CVE-2025-8544

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar version 2.10

Description A cross site scripting issue exists in an unknown functionality of the file /module/RegraAvaliacao/edit. Manipulation of the nome argument can lead to exploitation. The exploit has been publicly disclosed. The vendor was contacted but did not respond.

Recommendations As a temporary workaround, consider restricting access to the /module/RegraAvaliacao/edit file until a fix is available. Sanitize the nome argument to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-8544

Affected Products

I-Educar

CVE-2025-8544

Weakness Enumeration

Related Identifiers

Affected Products

References · 10