A security flaw has been discovered in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /agenda_preferencias.php. The manipulation of the argument tipoacao results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
References
| Link | Resource |
|---|---|
| https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10605.md | Exploit Third Party Advisory |
| https://github.com/marcelomulder/CVE/blob/main/i-educar/Cross-Site%20Scripting%20(XSS)%20Reflected%20endpoint%20%60agenda_preferencias.php%60%20parameter%20%60tipoacao%60.md | Broken Link |
| https://vuldb.com/?ctiid.324625 | Permissions Required VDB Entry |
| https://vuldb.com/?id.324625 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.649872 | Third Party Advisory VDB Entry |
| https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10605.md | Exploit Third Party Advisory |
| https://vuldb.com/?submit.649872 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2025-09-17 18:15
Updated : 2025-09-18 20:22
NVD link : CVE-2025-10605
Mitre link : CVE-2025-10605
CVE.ORG link : CVE-2025-10605
JSON object : View
Products Affected
portabilis
- i-educar