PT-2025-38139 · Portabilis · Portabilis I-Educar

Marceloqz · Published 2025-09-17 · Updated 2025-09-17 · CVE-2025-10590

CVSS v2.0: 5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A security flaw exists in Portabilis i-Educar up to version 2.10. The flaw is a cross-site scripting issue, triggered by manipulating the `ref_pessoa` argument of an unknown function in the `/intranet/educar_usuario_det.php` file. The attack can be carried out remotely. The exploit has been released publicly.

Recommendations:

Versions prior to 2.10 should be updated.

As a temporary workaround, restrict access to the `/intranet/educar_usuario_det.php` file.

Sanitize the `ref_pessoa` argument to prevent the injection of malicious scripts.
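
One way to apply the sanitization recommendation, shown as an added example that is not i-Educar's own code: validate `ref_pessoa` on input and HTML-encode it on output. It assumes `ref_pessoa` is a numeric record id; the function names `parse_ref_pessoa`, `h` and `render_detail` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept ref_pessoa only when it is a positive integer.
// Assumption: the parameter identifies a person record by numeric id.
function parse_ref_pessoa(array $query): ?int
{
    $raw = $query['ref_pessoa'] ?? null;
    if (!is_string($raw)) {
        return null; // missing, or an array such as ref_pessoa[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Encode a value for an HTML text node or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer standing in for the detail page's output step.
function render_detail(array $query): string
{
    $id = parse_ref_pessoa($query);
    if ($id === null) {
        // Reject the request and never echo the raw parameter back.
        return '<p>Invalid ref_pessoa.</p>';
    }
    // Encode even the validated value, so the output stays safe if the
    // validation rule is relaxed later.
    $safe = h((string) $id);
    return '<a href="?ref_pessoa=' . $safe . '">Person ' . $safe . '</a>';
}

// Constructed sample requests: one valid id, one with markup, one array, one empty.
$samples = [
    ['ref_pessoa' => '42'],
    ['ref_pessoa' => '42"><b>x</b>'],
    ['ref_pessoa' => ['1']],
    [],
];
foreach ($samples as $query) {
    echo render_detail($query), PHP_EOL;
}
```

Only the first sample renders a link; the other three return the fixed error text without reflecting any part of the input.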

Exploit · Fix · Code Injection · XSS

Weakness Enumeration

Related Identifiers: CVE-2025-10590

Affected Products: Portabilis I-Educar