CVE-2025-9105 MEDIUM

CVE-2025-9105: Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-areas-de-conhecimento cross site scripting

Vendor Portabilis
Product i-Diario
Weakness CWE-79 · XSS
Published August 18, 2025
Last update August 18, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 18, 2025 CVE published
August 18, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-5638 Formula <= 0.5.1 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugins CVE-2024-4446 Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter CVE-2024-37459 WordPress PayPlus Payment Gateway plugin <= 6.6.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-2078 BlogBuzzTime-for-wp <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-33929 WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)