CVE-2025-7866: Cross Site Scripting in Portabilis i-Educar
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_deficiencia_lst.php of the component Disabilities Module. The manipulation of the argument Deficiência ou Transtorno leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7866: Cross Site Scripting in Portabilis i-Educar
Description
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_deficiencia_lst.php of the component Disabilities Module. The manipulation of the argument Deficiência ou Transtorno leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-07-19T05:52:39.472Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 687c6a04a83201eaac00d1db
Added to database: 7/20/2025, 4:01:08 AM
Last updated: 7/20/2025, 4:01:08 AM
Views: 1
Related Threats
CVE-2025-7865: Cross Site Scripting in thinkgem JeeSite
MediumCVE-2025-7864: Unrestricted Upload in thinkgem JeeSite
MediumCVE-2025-7863: Open Redirect in thinkgem JeeSite
MediumCVE-2025-7862: Missing Authentication in TOTOLINK T6
MediumCVE-2025-54314: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rubyonrails Thor
LowActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.