PT-2025-38140 · Portabilis · Portabilis I-Educar

·

CVE-2025-10591

·

Published

2025-09-17

·

Updated

2025-09-17

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions up to 2.10
Description A weakness exists in Portabilis i-Educar up to version 2.10. The issue is related to the manipulation of the abreviatura/tipoacao argument in the /intranet/educar funcao cad.php file within the Editar Função Page component, leading to a cross-site scripting condition. The attack can be carried out remotely. The exploit has been made publicly available.
Recommendations Versions prior to 2.10 should be updated. As a temporary workaround, restrict access to the /intranet/educar funcao cad.php file. Avoid using the abreviatura/tipoacao argument in the affected file until the issue is resolved.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-10591

Affected Products

Portabilis I-Educar