CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-9109 – Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy
https://notcve.org/view.php?id=CVE-2025-9109
18 Aug 2025 — A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. • https://vuldb.com/?id.320431 • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-9108 – Portabilis i-Diario Login Page ui layer
https://notcve.org/view.php?id=CVE-2025-9108
18 Aug 2025 — Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely. Es betrifft eine unbekannte Funktion der Komponente Login Page. Dank der Manipulation mit unbekannten Daten kann eine improper restriction of rendered ui layers-Schwachstelle ausgenutzt werden. • https://vuldb.com/?id.320430 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2025-9107 – Portabilis i-Diario search_autocomplete cross site scripting
https://notcve.org/view.php?id=CVE-2025-9107
18 Aug 2025 — A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. • https://vuldb.com/?id.320429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 1CVE-2025-9106 – Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-disciplina cross site scripting
https://notcve.org/view.php?id=CVE-2025-9106
18 Aug 2025 — A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. • https://vuldb.com/?id.320428 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 1CVE-2025-9105 – Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-areas-de-conhecimento cross site scripting
https://notcve.org/view.php?id=CVE-2025-9105
18 Aug 2025 — A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.320427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 1CVE-2025-9104 – Portabilis i-Diario Informações Adicionais /planos-de-aulas-por-disciplina cross site scripting
https://notcve.org/view.php?id=CVE-2025-9104
18 Aug 2025 — A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. • https://vuldb.com/?id.320426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 1CVE-2025-8919 – Portabilis i-Diario History objetivos-de-aprendizagem-e-habilidades cross site scripting
https://notcve.org/view.php?id=CVE-2025-8919
13 Aug 2025 — A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.319878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 1CVE-2025-8788 – Portabilis i-Diario Informações adicionais planos-de-aula-por-areas-de-conhecimento cross site scripting
https://notcve.org/view.php?id=CVE-2025-8788
10 Aug 2025 — A vulnerability was found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /planos-de-aula-por-areas-de-conhecimento/ of the component Informações adicionais. The manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8788.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 1CVE-2025-8787 – Portabilis i-Diario Registro das atividades registros-de-conteudos-por-disciplina cross site scripting
https://notcve.org/view.php?id=CVE-2025-8787
10 Aug 2025 — A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 1CVE-2025-8786 – Portabilis i-Diario Registro das atividades registros-de-conteudos-por-areas-de-conhecimento cross site scripting
https://notcve.org/view.php?id=CVE-2025-8786
10 Aug 2025 — A vulnerability, which was classified as problematic, was found in Portabilis i-Diario up to 1.5.0. Affected is an unknown function of the file /registros-de-conteudos-por-areas-de-conhecimento/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8786.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •