CVE-2025-10099

Опубликовано: 08 сент. 2025

Источник: nvd

CVSS3: 2.4

CVSS3: 4.8

CVSS2: 3.3

EPSS Низкий

Описание

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_usuario_cad.php of the component Editar usuário Page. This manipulation of the argument email/data_inicial/data_expiracao causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

Ссылки

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10099.md
Exploit
Third Party Advisory
https://github.com/marcelomulder/CVE/blob/main/i-educar/Cross-Site%20Scripting%20(XSS)%20Reflected%20endpoint%20%60educar_usuario_cad.php%60%20parameters%20%60email%60,%20%60data_inicial%60,%20%60data_expiracao%60.md
Broken Link
https://vuldb.com/?ctiid.323060
Permissions Required
VDB Entry
https://vuldb.com/?id.323060
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.644967
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Версия до 2.10.0 (включая)

EPSS

Процентиль: 7%

0.00028

Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-v7g2-xh82-qmcx

CVSS3: 2.4

github

5 месяцев назад

EPSS

Процентиль: 7%

0.00028

Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-79