cbcvebase.

Portabilis I-Educar vulnerabilities

94 known vulnerabilities affecting portabilis/i-educar.

Total CVEs
94
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH30MEDIUM63LOW1

Vulnerabilities

Page 5 of 5
CVE-2025-8543P4MEDIUMCVSS 4.8v2.10.0v2.102025-08-05
CVE-2025-8543 [MEDIUM] CWE-79 CVE-2025-8543: A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor wa
nvd
CVE-2025-10073P4MEDIUMCVSS 4.3≤ 2.10.0v2.0+10 more2025-09-08
CVE-2025-10073 [MEDIUM] CWE-266 CVE-2025-10073: A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
nvd
CVE-2025-8545P4MEDIUMCVSS 4.8v2.10.0v2.102025-08-05
CVE-2025-8545 [MEDIUM] CWE-79 CVE-2025-8545: A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Af A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to t
nvd
CVE-2025-8544P4MEDIUMCVSS 4.8v2.10.0v2.102025-08-05
CVE-2025-8544 [MEDIUM] CWE-79 CVE-2025-8544: A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vu A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The v
nvd
CVE-2025-8541P4MEDIUMCVSS 4.8v2.10.0v2.102025-08-05
CVE-2025-8541 [MEDIUM] CWE-79 CVE-2025-8541: A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vul A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor w
nvd
CVE-2025-8538P4MEDIUMCVSS 4.8v2.10.0v2.102025-08-05
CVE-2025-8538 [MEDIUM] CWE-79 CVE-2025-8538: A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected b A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may
nvd
CVE-2025-8539P4MEDIUMCVSS 4.8v2.10.0v2.102025-08-05
CVE-2025-8539 [MEDIUM] CWE-79 CVE-2025-8539: A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by thi A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. T
nvd
CVE-2025-8542P4MEDIUMCVSS 4.8v2.10.0v2.102025-08-05
CVE-2025-8542 [MEDIUM] CWE-79 CVE-2025-8542: A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be use
nvd
CVE-2025-8540P4MEDIUMCVSS 4.8v2.10.0v2.102025-08-05
CVE-2025-8540 [MEDIUM] CWE-79 CVE-2025-8540: A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This a A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The
nvd
CVE-2025-10099P4MEDIUMCVSS 4.8≤ 2.10.0v2.0+10 more2025-09-08
CVE-2025-10099 [MEDIUM] CWE-79 CVE-2025-10099: A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_usuario_cad.php of the component Editar usuário Page. This manipulation of the argument email/data_inicial/data_expiracao causes cross site scripting. It is possible to initiate the attack remotely.
nvd
CVE-2024-45057P4MEDIUMCVSS 6.1≤ 2.9fixed in 2.92024-08-28
CVE-2024-45057 [MEDIUM] CWE-79 CVE-2024-45057: i-Educar is free, fully online school management software that can be used by school secretaries, te i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at `ieducar/intranet/include/clsCampos.inc.php` does not pro
nvd
CVE-2024-55239P4MEDIUMCVSS 5.4v2.92024-12-18
CVE-2024-55239 [MEDIUM] CWE-79 CVE-2024-55239: A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.
nvd
CVE-2026-4355P4LOWCVSS 3.5v2.112026-03-18
CVE-2026-4355 [LOW] CWE-79 CVE-2026-4355: A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the fi A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted e
nvd
CVE-2025-9638P4MEDIUMCVSS 4.8v2.10.02025-12-09
CVE-2025-9638 [MEDIUM] CWE-79 CVE-2025-9638: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.
nvd
Portabilis I-Educar vulnerabilities | cvebase