CVE-2025-9106 MEDIUM

CVE-2025-9106: Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-disciplina cross site scripting

Vendor Portabilis
Product i-Diario
Weakness CWE-79 · XSS
Published August 18, 2025
Last update August 18, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 18, 2025 CVE published
August 18, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-49893 WordPress Nuss Theme <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability CVE-2026-23722 WeGIA has a Reflected Cross-Site Scripting (XSS) vulnerability allowing arbitrary code execution and UI redressing. CVE-2026-47943 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-4372 LiteSpeed Cache <= 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability