CVE-2025-10372

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10

Description: A weakness exists in Portabilis i-Educar up to version 2.10. The issue involves manipulation of the nm tipo/descricao argument in an unknown function of the /intranet/educar modulo cad.php file, leading to cross site scripting. This attack can be initiated remotely. The exploit has been made publicly available.

Recommendations: Versions prior to 2.10 should be updated. As a temporary workaround, restrict access to the /intranet/educar modulo cad.php file to minimize the risk of exploitation. Avoid using the nm tipo/descricao argument in the affected file until the issue is resolved.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-10372

Affected Products

Portabilis I-Educar

CVE-2025-10372

Weakness Enumeration

Related Identifiers

Affected Products

References · 14