CVE-2025-9722 MEDIUM

CVE-2025-9722: Portabilis i-Educar educar_tipo_ocorrencia_disciplinar_cad.php cross site scripting

Vendor Portabilis
Product i-Educar
Weakness CWE-79 · XSS
Published August 31, 2025
Last update October 13, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

August 31, 2025 CVE published
October 13, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-25963 WordPress JS Job Manager Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) CVE-2024-43723 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-50415 WordPress Ads.txt & App-ads.txt Manager for WordPress plugin <= 1.1.7.1 - Stored Cross Site Scripting (XSS) vulnerability CVE-2022-1051 WPQA < 5.2 - Subscriber+ Stored Cross-Site Scripting via Profile fields CVE-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow