A vulnerability was found in Portabilis i-Diario 1.5.0 and classified as problematic. This issue affects some unknown processing of the file /justificativas-de-falta. The manipulation of the argument Justificativa leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7872 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Diario version 1.5.0, an educational management software platform. The vulnerability arises from improper handling of the 'Justificativa' parameter in the /justificativas-de-falta endpoint. Specifically, the application fails to adequately sanitize or encode user-supplied input in this parameter, allowing an attacker to inject malicious scripts. When a victim accesses a crafted URL or submits manipulated input, the injected script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed with the victim's privileges. The vulnerability is remotely exploitable without authentication, requiring only user interaction (such as clicking a malicious link). The CVSS 4.0 base score is 5.1, reflecting a medium severity level due to the ease of exploitation (network accessible, no privileges required) but limited impact on confidentiality and integrity (no direct data breach or system compromise). The vendor has been notified but has not responded or issued a patch, and no known exploits are currently observed in the wild. This lack of vendor response increases the risk of exploitation as attackers may develop and deploy exploits independently. The vulnerability affects version 1.5.0 of i-Diario, and no mitigations or patches are currently available from the vendor. Organizations using this version are exposed to potential XSS attacks targeting their users, which can undermine trust and lead to further compromise if combined with other vulnerabilities or social engineering techniques.

CVE Database V5

Detailed information about CVE-2025-7872: Cross Site Scripting in Portabilis i-Diario affecting Portabilis i-Diario. Get real-time updates, technical details, a

CVE-2025-7872: Cross Site Scripting in Portabilis i-Diario - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7872: Cross Site Scripting in Portabilis i-Diario

A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulation of the argument filter[by_description] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7871 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Diario version 1.5.0, a software product likely used for educational or administrative purposes given the product name. The vulnerability arises from improper sanitization or validation of the 'filter[by_description]' parameter in the /conteudos endpoint. An attacker can remotely craft malicious input to this parameter, which is then reflected in the web application's response without adequate encoding or filtering, enabling the execution of arbitrary JavaScript code in the context of the victim's browser. The vulnerability is classified as 'problematic' with a CVSS 4.0 base score of 5.1, indicating a medium severity level. The vector details show that the attack requires no authentication (PR:L means low privileges, but AT:N means no authentication required), can be performed remotely (AV:N), and requires user interaction (UI:P), such as tricking a user into clicking a malicious link. The vulnerability impacts confidentiality and integrity to a limited extent (VC:N, VI:L), with no impact on availability. The vendor was notified but has not responded, and no patches or mitigations have been released at the time of disclosure. Although no known exploits are currently active in the wild, the public disclosure increases the risk of exploitation attempts. XSS vulnerabilities can be leveraged for session hijacking, phishing, or delivering further client-side attacks, potentially compromising user accounts or sensitive data accessible via the affected application.

Detailed information about CVE-2025-7871: Cross Site Scripting in Portabilis i-Diario affecting Portabilis i-Diario. Get real-time updates, technical details, a

CVE-2025-7871: Cross Site Scripting in Portabilis i-Diario - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7871: Cross Site Scripting in Portabilis i-Diario

A vulnerability, which was classified as problematic, was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endpoint. The manipulation of the argument Anexo leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7870 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Diario version 1.5.0, specifically within the justificativas-de-falta endpoint. The vulnerability arises from improper sanitization or validation of the 'Anexo' parameter, which an attacker can manipulate to inject malicious scripts. This flaw allows remote attackers to execute arbitrary JavaScript code in the context of the victim's browser without requiring authentication. The vulnerability is classified as 'problematic' with a CVSS 4.0 base score of 5.1, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:L), but user interaction is necessary (UI:P). The impact primarily affects the integrity and confidentiality of user data, as malicious scripts can steal session tokens, perform actions on behalf of the user, or redirect users to malicious sites. The vendor was notified but has not responded or provided a patch, and no known exploits are currently reported in the wild. Given the public disclosure of the exploit details, the risk of exploitation may increase over time, especially if the affected software remains unpatched.

Detailed information about CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario affecting Portabilis i-Diario. Get real-time updates, technical details, a

CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The manipulation of the argument nm_tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7869 is a cross-site scripting (XSS) vulnerability identified in Portabilis i-Educar version 2.9.0, specifically within the Turma Module's functionality accessed via the file intranet/educar_turma_tipo_det.php with the parameter cod_turma_tipo. The vulnerability arises from improper sanitization or validation of the nm_tipo argument, allowing an attacker to inject malicious scripts that execute in the context of the victim's browser. This flaw can be exploited remotely without authentication, requiring only user interaction to trigger the malicious payload. The vulnerability has been publicly disclosed, but the vendor has not responded or issued a patch. The CVSS 4.0 base score is 5.1, indicating a medium severity level. The vector string shows the attack is network exploitable (AV:N), requires low attack complexity (AC:L), no privileges (PR:L) but some user interaction (UI:P), and impacts integrity and availability to a limited extent (VI:L, VA:N). The vulnerability does not affect confidentiality or system scope. Although no known exploits are currently in the wild, the public disclosure increases the risk of exploitation attempts. XSS vulnerabilities like this can be leveraged for session hijacking, phishing, or delivering further malware, especially in educational environments where i-Educar is used for managing school administrative data and user interactions.

Detailed information about CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar affecting Portabilis i-Educar. Get real-time updates, technical details, a

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar

A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file mcc_login.jsp. The manipulation of the argument workerid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Detailed information about CVE-2025-7873: SQL Injection in Metasoft 美特软件 MetaCRM affecting Metasoft 美特软件 MetaCRM. Get real-time updates, technical details, and 

CVE-2025-7873: SQL Injection in Metasoft 美特软件 MetaCRM

CVE-2025-7873: SQL Injection in Metasoft 美特软件 MetaCRM

Description

Technical Details

Related Threats

CVE-2025-7872: Cross Site Scripting in Portabilis i-Diario

CVE-2025-7871: Cross Site Scripting in Portabilis i-Diario

CVE-2025-7870: Cross Site Scripting in Portabilis i-Diario

CVE-2025-7869: Cross Site Scripting in Portabilis i-Educar

CVE-2025-7868: Cross Site Scripting in Portabilis i-Educar

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility