A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The manipulation of the argument nm_tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7869 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Educar version 2.9.0, specifically within the Turma Module's functionality accessed via the file intranet/educar_turma_tipo_det.php with the parameter cod_turma_tipo. The vulnerability arises from improper sanitization or validation of the nm_tipo argument, allowing an attacker to inject malicious scripts that execute in the context of the victim's browser. This flaw can be exploited remotely without authentication, requiring only user interaction to trigger the malicious payload. The vulnerability has been publicly disclosed, but the vendor has not responded or issued a patch. The CVSS 4.0 base score is 5.1, indicating a medium severity level. The vector string shows the attack is network exploitable (AV:N), requires low attack complexity (AC:L), no privileges (PR:L) but some user interaction (UI:P), and impacts integrity and availability to a limited extent (VI:L, VA:N). The vulnerability does not affect confidentiality or system scope. Although no known exploits are currently in the wild, the public disclosure increases the risk of exploitation attempts. XSS vulnerabilities like this can be leveraged for session hijacking, phishing, or delivering further malware, especially in educational environments where i-Educar is used for managing school administrative data and user interactions.

CVE Database V5

Detailed information about CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar affecting Portabilis i-Educar. Get real-time updates, technical details, a

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar

A vulnerability classified as problematic was found in Portabilis i-Educar 2.9.0. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_calendario_dia_motivo_cad.php of the component Calendar Module. The manipulation of the argument Motivo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7868 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Educar version 2.9.0, specifically within the Calendar Module component. The vulnerability arises from improper sanitization or validation of the 'Motivo' parameter in the file /intranet/educar_calendario_dia_motivo_cad.php. An attacker can remotely exploit this flaw by injecting malicious scripts into the 'Motivo' argument, which is then reflected in the web application without adequate encoding or filtering. This allows execution of arbitrary JavaScript in the context of the victim's browser session. The vulnerability does not require authentication but does require user interaction (e.g., a user visiting a crafted URL). The CVSS v4.0 base score is 5.1, indicating a medium severity level. The vendor has been notified but has not responded or provided a patch, and no known exploits are currently observed in the wild. The vulnerability impacts confidentiality and integrity to a limited extent by potentially stealing session cookies or performing actions on behalf of the user, but it does not affect availability. The attack vector is network-based with low attack complexity, and no privileges are required for exploitation. The lack of vendor response and public disclosure increases the risk of exploitation over time.

Detailed information about CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar affecting Portabilis i-Educar. Get real-time updates, technical details, a

CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected is an unknown function of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7867 is a cross-site scripting (XSS) vulnerability identified in version 2.9.0 of Portabilis i-Educar, specifically within the Agenda Module's /intranet/agenda.php file. The vulnerability arises from improper sanitization or validation of the 'novo_titulo' parameter, which can be manipulated by an attacker to inject malicious scripts. This flaw allows remote attackers to execute arbitrary JavaScript in the context of the victim's browser without requiring authentication, although user interaction is necessary to trigger the payload. The vulnerability has been publicly disclosed, and while no known exploits are currently observed in the wild, the availability of the exploit code increases the risk of exploitation. The vendor has not responded to the disclosure, and no patches or mitigations have been officially released. The CVSS 4.0 base score is 5.1 (medium severity), reflecting the vulnerability's network attack vector, low attack complexity, no privileges required, but requiring user interaction and limited impact on confidentiality and integrity. The vulnerability could be leveraged to steal session cookies, perform actions on behalf of authenticated users, or conduct phishing attacks within the affected application environment.

Detailed information about CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar affecting Portabilis i-Educar. Get real-time updates, technical details, a

CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar

A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_deficiencia_lst.php of the component Disabilities Module. The manipulation of the argument Deficiência ou Transtorno leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7866 is a cross-site scripting (XSS) vulnerability identified in version 2.9.0 of Portabilis i-Educar, an educational management system widely used in some educational institutions. The vulnerability resides in the Disabilities Module, specifically in the processing of the /intranet/educar_deficiencia_lst.php file. The issue arises from improper handling and sanitization of the input parameter "Deficiência ou Transtorno," which allows an attacker to inject malicious scripts. This vulnerability can be exploited remotely without authentication, requiring only user interaction to trigger the malicious payload. The CVSS 4.0 base score is 5.1, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges required, but user interaction is necessary to execute the exploit. The vulnerability impacts the confidentiality and integrity of user sessions by potentially enabling session hijacking, credential theft, or unauthorized actions performed in the context of the victim user. The vendor has been contacted but has not responded or provided a patch, and no known exploits are currently reported in the wild. However, public disclosure of the exploit details increases the risk of exploitation.

Detailed information about CVE-2025-7866: Cross Site Scripting in Portabilis i-Educar affecting Portabilis i-Educar. Get real-time updates, technical details, a

CVE-2025-7866: Cross Site Scripting in Portabilis i-Educar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7866: Cross Site Scripting in Portabilis i-Educar

A vulnerability, which was classified as problematic, was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endpoint. The manipulation of the argument Anexo leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Detailed information about CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario affecting Portabilis i-Diario. Get real-time updates, technical details, a

CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario

CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario

Description

Technical Details

Related Threats

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar

CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar

CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar

CVE-2025-7866: Cross Site Scripting in Portabilis i-Educar

CVE-2025-7865: Cross Site Scripting in thinkgem JeeSite

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility