RegularUs3r

3 exploits Active since Dec 2024
CVE-2024-55239 WRITEUP MEDIUM WRITEUP
Portabilis i-educar 2.9 - Reflected Cross-Site Scripting via 'titulo_documento' Parameter
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.
CVSS 5.4
CVE-2024-12893 WRITEUP LOW WRITEUP
Portabilis i-educar < 2.9 - Stored Cross-Site Scripting via Tipo de Usurio Page
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2024-55239 WRITEUP MEDIUM SUSPICIOUS
Portabilis i-educar 2.9 - Reflected Cross-Site Scripting via 'titulo_documento' Parameter
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.
CVSS 5.4