CVE-2025-8545 MEDIUM

CVE-2025-8545: Portabilis i-Educar educar_motivo_afastamento_cad.php cross site scripting

Vendor Portabilis

Product i-Educar

Weakness CWE-79 · XSS

Published August 5, 2025

Last update August 7, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 5, 2025 CVE published

August 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-8545

Related vulnerabilities

04Related CVE

CVE-2024-51812 WordPress Pro Addons For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2026-24361 WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability CVE-2026-34812 Endian Firewall /cgi-bin/proxypolicy.cgi mimetypes Stored Cross-Site Scripting CVE-2024-52358 WordPress Responsive Addons for Elementor plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability CVE-2025-28957 WordPress OwnerRez API plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability