CVE-2025-9720 MEDIUM

CVE-2025-9720: Portabilis i-Educar Cadastrar tabela de arredondamento edit cross site scripting

Vendor Portabilis
Product i-Educar
Weakness CWE-79 · XSS
Published August 31, 2025
Last update October 13, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used.

Key dates

02Disclosure timeline

August 31, 2025 CVE published
October 13, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-5061 Enfold <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters CVE-2025-12667 GitHub Gist Shortcode Plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-1593 SourceCodester Automatic Question Paper Generator System cross site scripting CVE-2022-0271 LearnPress < 4.1.6 - Reflected Cross-Site Scripting CVE-2023-0289 Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar