CVE-2025-10584

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10

Description A vulnerability exists in Portabilis i-Educar up to version 2.10. The issue is related to cross site scripting in the file /intranet/educar calendario anotacao cad.php. Manipulation of the nm anotacao/descricao argument can lead to exploitation. The attack can be launched remotely.

Recommendations Versions prior to 2.10 should be updated. As a temporary workaround, restrict access to the file /intranet/educar calendario anotacao cad.php to minimize the risk of exploitation. Avoid using the nm anotacao and descricao parameters in the affected file until the issue is resolved.