CVE-2025-10099

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10

Description: A weakness exists in Portabilis i-Educar up to version 2.10 related to cross site scripting. The issue is located in an unknown functionality of the file /intranet/educar usuario cad.php within the Editar usuário Page component. Manipulation of the arguments email, data inicial, and data expiracao can trigger the issue. The attack can be initiated remotely, and the exploit has been made publicly available.

Recommendations: Versions prior to 2.11: At the moment, there is no information about a newer version that contains a fix for this vulnerability.