CVSS: 4.8EPSS: 0%CPEs: 11EXPL: 1CVE-2025-8918 – Portabilis i-Educar Editar educar_instituicao_cad.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8918
13 Aug 2025 — A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.319877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 1CVE-2025-8790 – Portabilis i-Educar API Endpoint pessoa improper authorization
https://notcve.org/view.php?id=CVE-2025-8790
10 Aug 2025 — A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack can be initiated remotely. • https://github.com/CVE-Hunters/CVE/blob/main/i-educar/CVE-2025-8790.md • CWE-266: Incorrect Privilege Assignment CWE-285: Improper Authorization •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 1CVE-2025-8789 – Portabilis i-Educar API Endpoint Diario authorization
https://notcve.org/view.php?id=CVE-2025-8789
10 Aug 2025 — A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. • https://github.com/CVE-Hunters/CVE/blob/main/i-educar/CVE-2025-8789.md • CWE-285: Improper Authorization CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 1CVE-2025-8785 – Portabilis i-Educar educar_usuario_lst.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8785
09 Aug 2025 — A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educar_usuario_lst.php. The manipulation of the argument nm_pessoa/matricula/matricula_interna leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-8785.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 1CVE-2025-8784 – Portabilis i-Educar Cadastrar Vínculo funcionario_vinculo_cad.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8784
09 Aug 2025 — A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionario_vinculo_cad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-8784.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8545 – Portabilis i-Educar educar_motivo_afastamento_cad.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8545
05 Aug 2025 — A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://karinagante.github.io/cve-2025-8545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8544 – Portabilis i-Educar edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-8544
05 Aug 2025 — A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://karinagante.github.io/cve-2025-8544 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8543 – Portabilis i-Educar educar_raca_cad.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8543
05 Aug 2025 — A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://karinagante.github.io/cve-2025-8543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8542 – Portabilis i-Educar empresas_cad.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8542
05 Aug 2025 — A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. • https://karinagante.github.io/cve-2025-8542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8541 – Portabilis i-Educar public_uf_cad.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8541
05 Aug 2025 — A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. • https://karinagante.github.io/cve-2025-8541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •