Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A cross site scripting issue exists in Portabilis i-Educar up to version 2.10. The issue is located in an unknown function within the `/intranet/educar transferencia tipo cad.php` file of the Cadastrar tipo de transferência Page component. Manipulation of the `nm tipo`/`desc tipo` argument can trigger the issue, allowing for remote attacks. The exploit has been publicly disclosed.

Recommendations:

Versions prior to 2.10 should be updated. As a temporary workaround, consider restricting access to the `/intranet/educar transferencia tipo cad.php` file.