CVE-2025-9724

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10

Description A vulnerability exists in Portabilis i-Educar up to version 2.10. The issue impacts an unknown function within the /intranet/educar nivel ensino cad.php file. Manipulation of the nm nivel/descricao argument can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed.

Recommendations Versions prior to 2.10 should be updated. As a temporary workaround, restrict or sanitize input to the nm nivel and descricao arguments in the /intranet/educar nivel ensino cad.php file.