CVE-2025-10591

Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10

Description A weakness exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the abreviatura/tipoacao argument in the /intranet/educar funcao cad.php file within the Editar Função Page component, leading to a cross-site scripting condition. The attack can be carried out remotely. The exploit has been made publicly available.

Recommendations Versions prior to 2.10 should be updated. As a temporary workaround, restrict access to the /intranet/educar funcao cad.php file. Avoid using the abreviatura/tipoacao argument in the affected file until the issue is resolved.