PT-2025-33634 · Portabilis · Portabilis I-Diario

Marceloqz · Published 2025-08-18 · Updated 2025-09-02 · CVE-2025-9105

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0
Description: A cross-site scripting (XSS) vulnerability exists in Portabilis i-Diario. The issue is located in the Informações Adicionais Page component, specifically within the /planos-de-ensino-por-areas-de-conhecimento/ file. Manipulation of the Parecer/Conteúdos/Objetivos argument can trigger the vulnerability. The attack can be initiated remotely, and the exploit has been publicly disclosed. The vendor was notified but did not respond.
Recommendations: Portabilis i-Diario versions prior to 1.5.1: Sanitize or properly encode the Parecer/Conteúdos/Objetivos argument to prevent the injection of malicious scripts. Portabilis i-Diario versions prior to 1.5.1: Implement strict input validation on the Parecer/Conteúdos/Objetivos argument to ensure it conforms to expected data types and formats.

Tags: Exploit, Fix, XSS, Code Injection
