Portabilis i-Educar CVE-2025-7867
Severity (by source): LOW
CVSS vector (NVD; primary rating and the only source for this CVE):
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI-generated)
A stored cross-site scripting (XSS) vulnerability in Portabilis i-Educar 2.9.0 and 2.10.0 allows authenticated users to inject malicious scripts via the novo_titulo and novo_descricao parameters of the Agenda Module (/intranet/agenda.php); the scripts then execute in the browsers of other users who view the affected content. Exploitation requires authenticated access and user interaction (the victim must view the crafted agenda entry), which yields a low-severity rating and an EPSS exploitation probability of 0.06% (19th percentile). Public exploit code is available; the vendor did not respond to the early disclosure notification.
Technical Context (AI-generated)
The vulnerability lies in the Agenda Module of Portabilis i-Educar, a PHP-based educational management system. The flaw is a classic stored XSS (CWE-79) in /intranet/agenda.php: user-supplied input from the novo_titulo and novo_descricao parameters is neither sanitized nor encoded before being stored in the database and later rendered in an HTML context to other users. This is a combined failure of input validation and output encoding: the application accepts arbitrary HTML/JavaScript in agenda fields without filtering dangerous tags or entities, then displays them without escaping when other authenticated users view the agenda. Both affected versions (2.9.0 and 2.10.0, per the CPE identifiers) share this vulnerable code path in the Agenda Module.
Remediation (AI-generated)
No vendor-released patch has been identified; the vendor did not respond to the early disclosure notification. Remediation in code requires both input validation and output encoding: developers should modify the Agenda Module to sanitize the novo_titulo and novo_descricao parameters with a whitelist-based HTML sanitizer (e.g., HTMLPurifier for PHP) on input, and apply HTML entity encoding (htmlspecialchars with the ENT_QUOTES flag) when rendering them. Administrators who cannot patch immediately should apply compensating controls: restrict Agenda Module access to trusted administrator accounts via access control lists, disable the Agenda Module entirely if it is unused, or deploy a Web Application Firewall (WAF) with XSS filtering rules that block script tags in POST requests to /intranet/agenda.php (trade-off: this may also block legitimate rich-text content if the agenda supports HTML formatting). A code review of all user input handling in the Agenda Module is recommended to find similar input validation gaps. Organizations should contact Portabilis directly to request patched versions or migration guidance.
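As an added illustration (not i-Educar's own code), the following PHP contrasts the unescaped output pattern the advisory describes with the htmlspecialchars/ENT_QUOTES encoding recommended above. Only the parameter names novo_titulo and novo_descricao come from the advisory; the render functions and the sample agenda row are constructed for this example.

```php
<?php
// Added example, not code from i-Educar. Shows why output encoding with
// htmlspecialchars(..., ENT_QUOTES, ...) neutralises a stored XSS payload
// in an agenda entry, in both element-body and attribute contexts.
declare(strict_types=1);

/**
 * Encode a string for insertion into an HTML element body or a quoted
 * attribute. ENT_QUOTES escapes both ' and ", ENT_SUBSTITUTE replaces
 * invalid UTF-8 instead of returning an empty string, and the explicit
 * charset avoids depending on the default_charset ini setting.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern (constructed): stored fields echoed straight into the page. */
function renderAgendaEntryUnsafe(array $entry): string
{
    return "<h3 title=\"{$entry['novo_titulo']}\">{$entry['novo_titulo']}</h3>\n"
         . "<p>{$entry['novo_descricao']}</p>\n";
}

/** Hardened pattern: every stored field passes through h() at the point of output. */
function renderAgendaEntry(array $entry): string
{
    $title = h($entry['novo_titulo']);
    $desc  = h($entry['novo_descricao']);
    return "<h3 title=\"{$title}\">{$title}</h3>\n<p>{$desc}</p>\n";
}

// Constructed sample row, standing in for a record read back from the
// database after a crafted POST to /intranet/agenda.php.
$entry = [
    'novo_titulo'    => 'Reunião de pais <script>alert(1)</script>',
    'novo_descricao' => 'Sala 3, 19h " onmouseover="alert(1)',
];

// The unsafe renderer emits the <script> tag and breaks out of the title
// attribute; the hardened one emits &lt;script&gt; and &quot; as inert text.
echo renderAgendaEntryUnsafe($entry);
echo renderAgendaEntry($entry);
```

Encoding at output is the control that stops the stored payload from executing regardless of how it was stored; an input-side sanitizer such as HTMLPurifier is a second layer, not a replacement for it.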