Portabilis i-Educar CVE-2025-7869
Severity: LOW (by source)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The manipulation of the argument nm_tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI)
Cross-site scripting in Portabilis i-Educar 2.9.0 allows a remote attacker holding a low-privileged account (PR:L) to inject script through the nm_tipo parameter of the Turma module, rendered by intranet/educar_turma_tipo_det.php. Exploitation needs only passive user interaction (UI:P), i.e. a victim viewing the affected page, and the rated impact is limited to the integrity of the vulnerable system (VI:L), with no confidentiality or availability impact. A public exploit has been disclosed, and the vendor did not respond to the reporter's disclosure.
Technical Context (AI)
The vulnerable script is intranet/educar_turma_tipo_det.php, the detail view of a class-type (turma_tipo) record in the Turma (class) module of i-Educar, a PHP-based school management system. The page selects a record by cod_turma_tipo and renders the class-type name, nm_tipo, into the HTML response without sufficient sanitization or output encoding, so an attacker-controlled value in that field executes as script in the browser of whoever views the page, including administrators (CWE-79). The CVE description does not state whether the payload is reflected from the request or stored with the record; because the affected page is a detail view keyed by record ID and the vector requires only passive interaction, the analysis above treats it as stored. In either case the root cause is the same: untrusted input is written into HTML without context-appropriate encoding.
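The pattern described above, as an added illustration that is not i-Educar's code: i-Educar's real template and variable names are not reproduced, and render_class_type_detail_vulnerable(), render_class_type_detail(), h() and the $row array are hypothetical stand-ins for the detail view. The sample record is constructed; it uses a generic script-tag probe to show the difference between concatenating nm_tipo into the page and HTML-encoding it at the point of output. Requires PHP 8 (str_contains).

```php
<?php
// Added example, not Portabilis i-Educar code. Function and variable names are
// hypothetical stand-ins for the detail view in intranet/educar_turma_tipo_det.php.
declare(strict_types=1);

// Vulnerable pattern: the class-type name is concatenated straight into HTML,
// so whatever was saved in nm_tipo, markup included, becomes part of the page.
function render_class_type_detail_vulnerable(array $row): string
{
    return '<tr><td>Código</td><td>' . (int) $row['cod_turma_tipo'] . '</td></tr>' . "\n"
         . '<tr><td>Nome</td><td>' . $row['nm_tipo'] . '</td></tr>';
}

// Hardened pattern: every user-controlled string is HTML-encoded at output.
// ENT_QUOTES also encodes ' and " so the helper is safe inside attribute values;
// ENT_SUBSTITUTE replaces malformed UTF-8 instead of silently returning ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_class_type_detail(array $row): string
{
    return '<tr><td>Código</td><td>' . (int) $row['cod_turma_tipo'] . '</td></tr>' . "\n"
         . '<tr><td>Nome</td><td>' . h($row['nm_tipo']) . '</td></tr>';
}

// Constructed sample record: a class type whose name carries a script tag, the
// kind of value a low-privileged user with edit rights on class types could save.
$row = [
    'cod_turma_tipo' => 7,
    'nm_tipo'        => 'Regular<script>alert(document.domain)</script>',
];

$unsafe = render_class_type_detail_vulnerable($row);
$safe   = render_class_type_detail($row);

// The vulnerable output contains a live <script> element; the hardened output
// contains only the encoded text &lt;script&gt;, which the browser displays
// literally and never parses as a tag.
if (!str_contains($unsafe, '<script>')
    || str_contains($safe, '<script>')
    || !str_contains($safe, '&lt;script&gt;')) {
    throw new RuntimeException('encoding check failed');
}

echo "vulnerable:\n$unsafe\n\nhardened:\n$safe\n";
```

Encoding at output is the fix that closes CWE-79 regardless of where the value came from; input validation on the form that saves nm_tipo is worth adding as well, but it is a second layer, not a substitute, because the database can be written through other paths.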
Remediation (AI)
Upgrade Portabilis i-Educar to a release that fixes this issue once Portabilis publishes one. Because the vendor did not respond to the disclosure, check the official Portabilis i-Educar repository's release notes and commits for a fix, or contact vendor support, rather than assuming that any version newer than 2.9.0 contains it. As an interim compensating control on 2.9.0, restrict access to intranet/educar_turma_tipo_det.php (ideally the whole intranet/ path) to trusted internal IP ranges at a reverse proxy or web application firewall; this narrows exposure to clients already on the network but does nothing against an authenticated insider. A Content-Security-Policy header that disallows inline script blocks the typical payload, but legacy PHP applications of this kind commonly depend on inline scripts and event handlers, so deploy the policy in Content-Security-Policy-Report-Only mode first and resolve the reported breakage before enforcing it. Neither control removes the defect; the actual fix is to HTML-encode nm_tipo, and every other user-supplied field, at the point of output, and patch deployment remains the priority.
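The two compensating controls above as a reverse-proxy configuration, added here as an example rather than taken from Portabilis or the i-Educar project. It assumes i-Educar is served by nginx with PHP-FPM reachable as php-fpm:9000, that the application lives under /var/www/ieducar, and that 10.0.0.0/8 is the trusted internal range; all of those are placeholders to adjust, and the /csp-report endpoint is a hypothetical collector you would have to provide.

```nginx
# Added example, not i-Educar's or Portabilis' configuration. Host name, root,
# upstream, trusted network and report endpoint are assumptions.
server {
    listen 443 ssl;
    server_name ieducar.example.internal;
    root /var/www/ieducar;
    index index.php;

    # Report-only first: violations are logged to /csp-report without breaking
    # the application. Rename the header to Content-Security-Policy only after
    # legitimate pages stop producing reports. "always" keeps the header on
    # error responses too.
    add_header Content-Security-Policy-Report-Only
        "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; report-uri /csp-report" always;

    # Compensating control: only internal clients may reach the affected script.
    # add_header is not inherited into a location that sets its own headers, so
    # the CSP line is repeated here deliberately.
    location = /intranet/educar_turma_tipo_det.php {
        allow 10.0.0.0/8;
        deny  all;
        add_header Content-Security-Policy-Report-Only
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; report-uri /csp-report" always;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php-fpm:9000;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php-fpm:9000;
    }
}
```

The exact-match location for the affected script takes precedence over the regex PHP handler, so the allow/deny list applies only there; widen it to `location ^~ /intranet/` if the whole administrative area should be internal-only. Expect the report-only policy to flag inline scripts on unrelated pages; those findings are the work that has to be done before the header can be switched to enforcing mode.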