Описание
A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-9652
- https://github.com/KarinaGante/KGSec/blob/main/CVEs/i-educar/13.md
- https://karinagante.github.io/cve-2025-9652
- https://karinagante.github.io/cve-2025-9652/#proof-of-concept-poc
- https://vuldb.com/?ctiid.321860
- https://vuldb.com/?id.321860
- https://vuldb.com/?submit.636956
Связанные уязвимости
A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.