I Diario
Stored cross-site scripting (XSS) in Portabilis i-Diario 1.5.0 allows authenticated users to inject malicious scripts via the Justificativa parameter in the /justificativas-de-falta endpoint, which are then executed in the browsers of other users viewing the page. The vulnerability requires user interaction (clicking a malicious link) and authenticated access, limiting its severity despite public exploit availability. The EPSS exploitation probability is very low, at 0.05 percentile, and the vendor has not responded to disclosure.
Stored cross-site scripting (XSS) in Portabilis i-Diario 1.5.0 allows authenticated users to inject malicious scripts via the filter[by_description] parameter in the /conteudos endpoint, which are then reflected to other users. The vulnerability requires user interaction (UI:P) to trigger and has low confidentiality impact, and exploit code is publicly available; however, the extremely low EPSS score (0.05%) and vendor non-responsiveness suggest limited real-world exploitation despite the disclosed PoC.
Cross-site scripting (XSS) in Portabilis i-Diario 1.5.0 allows authenticated users to inject malicious scripts via the Anexo parameter in the justificativas-de-falta endpoint, impacting other users who view the affected content. The vulnerability requires user interaction and authenticated access, with an EPSS score of 0.05% indicating low real-world exploitation likelihood despite public exploit availability. The vendor has not responded to disclosure communications.