Natan Maia Morette

16 exploits, active since Dec 2024
CVE-2024-53470 MEDIUM WRITEUP
WeGIA - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter.
CVSS 6.1
CVE-2024-53471 MEDIUM WRITEUP
WeGIA - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter.
CVSS 6.1
CVE-2024-53472 HIGH WRITEUP
WeGIA - CSRF
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVSS 8.8
CVE-2024-53473 HIGH WRITEUP
WeGIA - Missing Authorization
WeGIA 3.2.0 before 3998672 does not verify permission to change a password.
CVSS 7.5
CVE-2024-57031 CRITICAL WRITEUP
WeGIA <3.2.0 - SQL Injection
WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.
CVSS 9.8
CVE-2024-57034 CRITICAL WRITEUP
WeGIA <3.2.0 - SQL Injection
WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.
CVSS 9.8
CVE-2024-57035 CRITICAL WRITEUP
WeGIA v3.2.0 - SQL Injection
WeGIA v3.2.0 is vulnerable to SQL Injection via the nextPage parameter in /controle/control.php.
CVSS 9.8
CVE-2025-7728 LOW WRITEUP
Scada-LTS <2.7.8.1 - XSS
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
CVSS 3.5
CVE-2025-7729 LOW WRITEUP
Scada-LTS <2.7.8.1 - XSS
A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
CVSS 3.5
CVE-2025-7870 LOW WRITEUP
Portabilis i-Diario 1.5.0 - XSS
A vulnerability, which was classified as problematic, was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endpoint. The manipulation of the argument Anexo leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5
CVE-2025-7871 LOW WRITEUP
Portabilis i-Diario 1.5.0 - XSS
A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulation of the argument filter[by_description] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5
CVE-2025-8346 MEDIUM WRITEUP
Portabilis i-Educar - Code Injection
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /educar_aluno_lst.php. The manipulation of the argument ref_cod_matricula with the input "><img%20src=x%20onerror=alert(%27CVE-Hunters%27)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-8789 MEDIUM WRITEUP
Portabilis i-Educar < 2.9.0 - Improper Authorization
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-8790 MEDIUM WRITEUP
Portabilis i-Educar < 2.9.0 - Improper Authorization
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been declared as critical. This vulnerability affects unknown code of the file /module/Api/pessoa of the component API Endpoint. The manipulation of the argument ID leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-9404 LOW WRITEUP
Scada-LTS <2.7.8.1 - XSS
A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVSS 2.4
CVE-2026-2064 LOW WRITEUP
Portabilis i-Educar <2.10 - XSS
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5