Karina Gante

32 exploits Active since Aug 2025
CVE-2025-9721 GITHUB LOW html WRITEUP
Portabilis i-Educar < 2.10 - Cross-Site Scripting via FormulaMedia Edit Function
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVSS 3.5
CVE-2025-9722 GITHUB LOW html WRITEUP
Portabilis i-Educar <= 2.10 - Cross-Site Scripting via nm_tipo/descricao Parameter
A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-9723 GITHUB LOW html WRITEUP
Portabilis i-Educar <= 2.10 - Cross-Site Scripting via nm_tipo Argument
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Performing manipulation of the argument nm_tipo results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used.
CVSS 3.5
CVE-2025-9724 GITHUB LOW html WRITEUP
Portabilis i-educar < 2.10 - Cross-Site Scripting via nm_nivel/descricao Parameter
A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 3.5
CVE-2025-9738 GITHUB LOW html WRITEUP
Portabilis i-Educar < 2.10.0 - Cross-Site Scripting via nm_tipo Argument in educar_tipo_ensino_cad.php
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used.
CVSS 3.5
CVE-2025-8542 GITHUB LOW html WRITEUP
Portabilis i-Educar 2.10 - Cross-Site Scripting via fantasia/razao_social Parameter
A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-9137 GITHUB LOW html WRITEUP
Scada-LTS 2.7.8.1 - Cross-Site Scripting via Scheduled Events Alias Parameter
A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower. An admin user - by definition - has full control over HTML and JS code that is delivered to users in regular synoptic panels. In other words - due to the design of the system it is not possible to limit the admin user to attack the users."
CVSS 3.5