← back
CVE-2025-9720

Portabilis i-Educar Cadastrar tabela de arredondamento edit cross site scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79CWE-94
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
Portabilis · i-Educar

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://karinagante.github.io/cve-2025-9720/https://karinagante.github.io/cve-2025-9720/#pochttps://vuldb.com/?ctiid.322009https://vuldb.com/?id.322009https://vuldb.com/?submit.638671