exploitDog

GHSA-5fhv-xmq2-vprc

Опубликовано: 09 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 4.8

CVSS3: 4.8

Описание

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.

Ссылки

EPSS

Процентиль: 12%

0.0004

Низкий

4.8 Medium

CVSS4

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-9638

CVSS3: 4.8

nvd

2 месяца назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.

EPSS

Процентиль: 12%

0.0004

Низкий

4.8 Medium

CVSS4

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79