CVE-2024-55651

MEDIUM

i-educar 2.9 - Stored Cross-Site Scripting in User Type Input Field

Title source: llm
STIX 2.1

Description

i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/portabilis/i-educar/security/advisories/GHSA-8fjj-9937-g84w

Scores

CVSS v3 5.4
EPSS 0.0021
EPSS Percentile 11.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
portabilis/i-educar 2.9.0
Published May 08, 2025
Tracked Since Feb 18, 2026