CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar
A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-7867 is a cross-site scripting (XSS) vulnerability identified in the Portabilis i-Educar software versions 2.9.0 and 2.10.0, specifically within the Agenda Module's /intranet/agenda.php file. The vulnerability arises due to improper sanitization or validation of user-supplied input in the parameters novo_titulo and novo_descricao. An attacker can remotely exploit this flaw by injecting malicious scripts into these parameters, which are then executed in the context of the victim's browser when viewing the affected page. This type of vulnerability can lead to session hijacking, defacement, or redirection to malicious sites, potentially compromising user confidentiality and integrity. The vulnerability requires no authentication but does require user interaction (victim must access the maliciously crafted page). The CVSS 4.0 score is 5.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but user interaction is necessary. The vendor has been contacted but has not responded or provided a patch, and no known exploits are currently observed in the wild. The public disclosure of the exploit increases the risk of exploitation, especially in environments where the affected versions are deployed without mitigations.
Potential Impact
For European organizations using Portabilis i-Educar versions 2.9.0 or 2.10.0, this vulnerability poses a moderate risk. As i-Educar is an educational management system, exploitation could lead to unauthorized access to session tokens or credentials of educators, administrators, or students, potentially enabling further attacks such as privilege escalation or data theft. The confidentiality and integrity of sensitive educational data and user accounts could be compromised. While the vulnerability does not directly impact availability, successful exploitation could facilitate phishing or malware delivery within the institution's network. Given the public disclosure and lack of vendor response, organizations may face increased risk from opportunistic attackers. The impact is particularly relevant for institutions with web-facing intranet portals or where users access the agenda module remotely. The medium severity rating suggests that while the threat is not critical, it should be addressed promptly to prevent exploitation and protect user data.
Mitigation Recommendations
European organizations should implement specific mitigations beyond generic advice:
1) Immediate input validation and output encoding: implement server-side input sanitization for the novo_titulo and novo_descricao parameters to neutralize malicious scripts.
2) Deploy Web Application Firewalls (WAFs) with custom rules to detect and block XSS payloads targeting the agenda.php endpoint.
3) Restrict access to the intranet agenda module to trusted networks or VPNs to reduce exposure.
4) Educate users to avoid clicking on suspicious links related to the agenda module until a patch is available.
5) Monitor logs for unusual requests or script injection attempts targeting the affected parameters.
6) If feasible, temporarily disable or restrict the agenda module functionality until a vendor patch or workaround is released.
7) Engage with Portabilis or community forums to track patch releases or unofficial fixes.
These targeted actions will reduce the attack surface and mitigate the risk while awaiting an official patch.
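The log-monitoring step above, as an added example that is not part of the advisory or of the i-Educar project: a small triage script that scans web-server access logs for requests to /intranet/agenda.php whose novo_titulo or novo_descricao values contain HTML or script-handler markup after percent-decoding. The log lines are constructed for this example, and it assumes the parameters travel in the query string (POST bodies do not appear in access logs).

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jul/2025:04:31:17 +0000] "GET /intranet/agenda.php?novo_titulo=Reuni%C3%A3o&novo_descricao=Sala+3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [20/Jul/2025:04:32:01 +0000] "GET /intranet/agenda.php?novo_titulo=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.9 - - [20/Jul/2025:04:32:05 +0000] "GET /intranet/agenda.php?novo_descricao=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.7 - - [20/Jul/2025:04:33:00 +0000] "GET /intranet/outro.php?novo_titulo=%3Cscript%3E HTTP/1.1" 200 10 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)
AGENDA_PATH = "/intranet/agenda.php"          # endpoint named in the advisory
WATCHED_PARAMS = ("novo_titulo", "novo_descricao")
# Broad injection indicators (tag start, javascript: URL, on*= handler); tuned for triage, not blocking.
XSS_RE = re.compile(r'<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=', re.IGNORECASE)


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are inspected in clear."""
    for _ in range(rounds):
        new = unquote_plus(value)
        if new == value:
            break
        value = new
    return value


def find_agenda_xss(log_text):
    """Return one record per watched parameter value that looks like HTML/script injection."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != AGENDA_PATH:          # only the vulnerable endpoint
            continue
        params = parse_qs(parts.query, keep_blank_values=True)   # already decodes once
        for name in WATCHED_PARAMS:
            for raw in params.get(name, []):
                decoded = decode_fully(raw)
                if XSS_RE.search(decoded):
                    hits.append({"ip": m["ip"], "ts": m["ts"], "param": name, "value": decoded})
    return hits
```

Legitimate Portuguese titles decode cleanly (line one produces no hit), while the two curl requests are flagged on novo_titulo and novo_descricao respectively; a match is a lead for review, not proof of compromise, since the response status alone does not show whether the stored value was rendered.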
Affected Countries
Portugal, Spain, Italy, France, Germany, Poland, Netherlands, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-19T05:52:47.739Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 687c7115a83201eaac00e916
Added to database: 7/20/2025, 4:31:17 AM
Last enriched: 8/20/2025, 12:48:39 AM
Last updated: 9/3/2025, 6:14:59 PM