CVE-2025-8784

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.9

Description: A problematic issue exists in Portabilis i-Educar up to version 2.9, specifically within the Cadastrar Vínculo Page. The issue involves the manipulation of the nome argument in the /intranet/funcionario vinculo cad.php file, leading to cross site scripting. This attack can be initiated remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Versions prior to 2.9 should be updated. As a temporary workaround, consider restricting access to the /intranet/funcionario vinculo cad.php file. Sanitize the nome parameter to prevent the injection of malicious scripts.