Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions prior to 2.11

Description:

A cross site scripting issue exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the `Tipos de Usuário/Descrição` argument within an unknown function of the `/usuarios/tipos/` file. This can be initiated remotely.

Recommendations:

Update to version 2.11 or later.

As a temporary workaround, restrict manipulation of the `Tipos de Usuário/Descrição` argument.