CVE-2025-9107

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario versions up to 1.5.0

Description: A vulnerability exists in Portabilis i-Diario up to version 1.5.0, impacting an unknown function within the /alunos/search autocomplete file. Manipulation of the q argument can lead to Cross-Site Scripting (XSS). The attack can be executed remotely, and the exploit has been publicly disclosed and may be utilized. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Portabilis i-Diario versions prior to 1.5.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-9107

Affected Products

I-Diario

CVE-2025-9107

Weakness Enumeration

Related Identifiers

Affected Products

References · 14