Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A vulnerability exists in Portabilis i-Educar that allows for cross site scripting. The issue is related to the manipulation of the `nm tipo` argument within the file `/intranet/educar tipo regime cad.php`. The attack can be initiated remotely. The exploit has been made public.

Recommendations:

Versions prior to 2.10: Sanitize the `nm tipo` argument in the `/intranet/educar tipo regime cad.php` file to prevent cross site scripting.