CVE-2024-55651
MEDIUMi-educar 2.9 - Stored Cross-Site Scripting in User Type Input Field
Title source: llmDescription
i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/portabilis/i-educar/security/advisories/GHSA-8fjj-9937-g84w
Scores
CVSS v3
5.4
EPSS
0.0021
EPSS Percentile
11.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
portabilis/i-educar
2.9.0
Published
May 08, 2025
Tracked Since
Feb 18, 2026