Name of the Vulnerable Software and Affected Versions:

Portabilis i-Educar versions up to 2.10

Description:

A weakness exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the `abreviatura/tipoacao` argument in the `/intranet/educar funcao cad.php` file within the Editar Função Page component, leading to a cross-site scripting condition. The attack can be carried out remotely. The exploit has been made publicly available.

Recommendations:

Versions prior to 2.10 should be updated.

As a temporary workaround, restrict access to the `/intranet/educar funcao cad.php` file.

Avoid using the `abreviatura/tipoacao` argument in the affected file until the issue is resolved.