CVE-2025-8919 MEDIUM

CVE-2025-8919: Portabilis i-Diario History objetivos-de-aprendizagem-e-habilidades cross site scripting

Vendor Portabilis
Product i-Diario
Weakness CWE-79 · XSS
Published August 13, 2025
Last update August 15, 2025
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 13, 2025 CVE published
August 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-5965 Mosaic <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface CVE-2026-5332 Xiaopi Panel WAF Firewall demo.php cross site scripting CVE-2025-53205 WordPress Radio Player Shoutcast & Icecast <= 4.4.7 - Cross Site Scripting (XSS) Vulnerability CVE-2024-51935 WordPress Fast Video and Image Display plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability