{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8510", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-02T15:20:44.463Z", "datePublished": "2025-08-03T13:02:06.743Z", "dateUpdated": "2025-08-04T18:59:22.406Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-03T13:02:06.743Z"}, "title": "Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "Portabilis", "product": "i-Educar", "versions": [{"version": "2.10", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46. It is recommended to apply a patch to fix this issue. The vendor initially closed the original advisory without requesting a CVE."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Portabilis i-Educar 2.10 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion Gerar der Datei ieducar/intranet/educar_matricula_lst.php. Mittels dem Manipulieren des Arguments ref_cod_aluno mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-08-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-02T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-02T17:26:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "nmmorette (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.318609", "name": "VDB-318609 | Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.318609", "name": "VDB-318609 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.618964", "name": "Submit #618964 | Portabilis i-Educar 2.10 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CVE-Hunters/CVE/blob/main/i-educar/Reflected%20Cross-Site%20Scripting%20(XSS)%20in%20educar_matricula_lst.php%20via%20ref_cod_aluno%20Parameter.md", "tags": ["exploit"]}, {"url": "https://github.com/portabilis/i-educar/compare/GHSA-88xc-64vw-g4xg", "tags": ["patch"]}, {"url": "https://github.com/portabilis/i-educar/commit/82c288b9a4abb084bdfa1c0c4ef777ed45f98b46", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-04T18:48:30.468387Z", "id": "CVE-2025-8510", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T18:59:22.406Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "nmmorette (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "Portabilis", "product": "i-Educar", "versions": [{"status": "affected", "version": "2.10"}]}], "timeline": [{"lang": "en", "time": "2025-08-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-02T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-02T17:26:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.318609", "name": "VDB-318609 | Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.318609", "name": "VDB-318609 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.618964", "name": "Submit #618964 | Portabilis i-Educar 2.10 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CVE-Hunters/CVE/blob/main/i-educar/Reflected%20Cross-Site%20Scripting%20(XSS)%20in%20educar_matricula_lst.php%20via%20ref_cod_aluno%20Parameter.md", "tags": ["exploit"]}, {"url": "https://github.com/portabilis/i-educar/compare/GHSA-88xc-64vw-g4xg", "tags": ["patch"]}, {"url": "https://github.com/portabilis/i-educar/commit/82c288b9a4abb084bdfa1c0c4ef777ed45f98b46", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46. It is recommended to apply a patch to fix this issue. The vendor initially closed the original advisory without requesting a CVE."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Portabilis i-Educar 2.10 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion Gerar der Datei ieducar/intranet/educar_matricula_lst.php. Mittels dem Manipulieren des Arguments ref_cod_aluno mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-03T13:02:06.743Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8510", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-04T18:48:30.468387Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-08-04T18:48:37.062Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-8510", "state": "PUBLISHED", "dateUpdated": "2025-08-03T13:02:06.743Z", "dateReserved": "2025-08-02T15:20:44.463Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-03T13:02:06.743Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46. It is recommended to apply a patch to fix this issue. The vendor initially closed the original advisory without requesting a CVE."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Portabilis i-Educar 2.10. Esta afecta a la funci\u00f3n Gerar del archivo ieducar/intranet/educar_matricula_lst.php. La manipulaci\u00f3n del argumento ref_cod_aluno provoca ataques de Cross-Site Scripting. Es posible iniciar el ataque remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El identificador del parche es 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46. Se recomienda aplicar un parche para solucionar este problema. El proveedor inicialmente cerr\u00f3 el aviso original sin solicitar una CVE."}], "id": "CVE-2025-8510", "lastModified": "2025-08-04T15:06:15.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-03T13:15:26.300", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/CVE-Hunters/CVE/blob/main/i-educar/Reflected%20Cross-Site%20Scripting%20(XSS)%20in%20educar_matricula_lst.php%20via%20ref_cod_aluno%20Parameter.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/portabilis/i-educar/commit/82c288b9a4abb084bdfa1c0c4ef777ed45f98b46"}, {"source": "cna@vuldb.com", "url": "https://github.com/portabilis/i-educar/compare/GHSA-88xc-64vw-g4xg"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.318609"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.318609"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.618964"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}