Natan Morette

9 exploits, active since Jan 2025
CVE-2024-57030 HIGH WRITEUP
WeGIA < 3.2.0 - XSS
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter.
CVSS 8.1
CVE-2024-57033 MEDIUM WRITEUP
WeGIA < 3.2.0 - XSS
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php.
CVSS 6.1
CVE-2025-8918 LOW WRITEUP
Portabilis i-Educar < 2.10.0 - Code Injection
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-8919 LOW WRITEUP
Portabilis i-Diario < 1.6 - Code Injection
A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-8920 LOW WRITEUP
Portabilis i-Diario - Code Injection
A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2026-2108 MEDIUM WRITEUP
jsbroks COCO Annotator < 0.11.1 - DoS
A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2026-2109 MEDIUM WRITEUP
jsbroks COCO Annotator < 0.11.1 - Auth Bypass
A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.4