A vulnerability, which was classified as problematic, was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endpoint. The manipulation of the argument Anexo leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7870 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Diario version 1.5.0, specifically within the justificativas-de-falta endpoint. The vulnerability arises from improper sanitization or validation of the 'Anexo' parameter, which an attacker can manipulate to inject malicious scripts. This flaw allows remote attackers to execute arbitrary JavaScript code in the context of the victim's browser without requiring authentication. The vulnerability is classified as 'problematic' with a CVSS 4.0 base score of 5.1, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:L), but user interaction is necessary (UI:P). The impact primarily affects the integrity and confidentiality of user data, as malicious scripts can steal session tokens, perform actions on behalf of the user, or redirect users to malicious sites. The vendor was notified but has not responded or provided a patch, and no known exploits are currently reported in the wild. Given the public disclosure of the exploit details, the risk of exploitation may increase over time, especially if the affected software remains unpatched.

CVE Database V5

Detailed information about CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario affecting Portabilis i-Diario. Get real-time updates, technical details, a

CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The manipulation of the argument nm_tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7869 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Educar version 2.9.0, specifically within the Turma Module's functionality accessed via the file intranet/educar_turma_tipo_det.php with the parameter cod_turma_tipo. The vulnerability arises from improper sanitization or validation of the nm_tipo argument, allowing an attacker to inject malicious scripts that execute in the context of the victim's browser. This flaw can be exploited remotely without authentication, requiring only user interaction to trigger the malicious payload. The vulnerability has been publicly disclosed, but the vendor has not responded or issued a patch. The CVSS 4.0 base score is 5.1, indicating a medium severity level. The vector string shows the attack is network exploitable (AV:N), requires low attack complexity (AC:L), no privileges (PR:L) but some user interaction (UI:P), and impacts integrity and availability to a limited extent (VI:L, VA:N). The vulnerability does not affect confidentiality or system scope. Although no known exploits are currently in the wild, the public disclosure increases the risk of exploitation attempts. XSS vulnerabilities like this can be leveraged for session hijacking, phishing, or delivering further malware, especially in educational environments where i-Educar is used for managing school administrative data and user interactions.

Detailed information about CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar affecting Portabilis i-Educar. Get real-time updates, technical details, a

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar

A vulnerability classified as problematic was found in Portabilis i-Educar 2.9.0. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_calendario_dia_motivo_cad.php of the component Calendar Module. The manipulation of the argument Motivo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7868 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Educar version 2.9.0, specifically within the Calendar Module component. The vulnerability arises from improper sanitization or validation of the 'Motivo' parameter in the file /intranet/educar_calendario_dia_motivo_cad.php. An attacker can remotely exploit this flaw by injecting malicious scripts into the 'Motivo' argument, which is then reflected in the web application without adequate encoding or filtering. This allows execution of arbitrary JavaScript in the context of the victim's browser session. The vulnerability does not require authentication but does require user interaction (e.g., a user visiting a crafted URL). The CVSS v4.0 base score is 5.1, indicating a medium severity level. The vendor has been notified but has not responded or provided a patch, and no known exploits are currently observed in the wild. The vulnerability impacts confidentiality and integrity to a limited extent by potentially stealing session cookies or performing actions on behalf of the user, but it does not affect availability. The attack vector is network-based with low attack complexity, and no privileges are required for exploitation. The lack of vendor response and public disclosure increases the risk of exploitation over time.

Detailed information about CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar affecting Portabilis i-Educar. Get real-time updates, technical details, a

CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9.0. Affected is an unknown function of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7867 is a cross-site scripting (XSS) vulnerability identified in version 2.9.0 of Portabilis i-Educar, specifically within the Agenda Module's /intranet/agenda.php file. The vulnerability arises from improper sanitization or validation of the 'novo_titulo' parameter, which can be manipulated by an attacker to inject malicious scripts. This flaw allows remote attackers to execute arbitrary JavaScript in the context of the victim's browser without requiring authentication, although user interaction is necessary to trigger the payload. The vulnerability has been publicly disclosed, and while no known exploits are currently observed in the wild, the availability of the exploit code increases the risk of exploitation. The vendor has not responded to the disclosure, and no patches or mitigations have been officially released. The CVSS 4.0 base score is 5.1 (medium severity), reflecting the vulnerability's network attack vector, low attack complexity, no privileges required, but requiring user interaction and limited impact on confidentiality and integrity. The vulnerability could be leveraged to steal session cookies, perform actions on behalf of authenticated users, or conduct phishing attacks within the affected application environment.

Detailed information about CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar affecting Portabilis i-Educar. Get real-time updates, technical details, a

CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar

A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulation of the argument filter[by_description] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Detailed information about CVE-2025-7871: Cross Site Scripting in Portabilis i-Diario affecting Portabilis i-Diario. Get real-time updates, technical details, a

CVE-2025-7871: Cross Site Scripting in Portabilis i-Diario

CVE-2025-7871: Cross Site Scripting in Portabilis i-Diario

Description

Technical Details

Related Threats

CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar

CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar

CVE-2025-7867: Cross Site Scripting in Portabilis i-Educar

CVE-2025-7866: Cross Site Scripting in Portabilis i-Educar

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility