CVE-2025-9720

LOW

Portabilis i-educar < 2.10 - Cross-Site Scripting via Nome Parameter in Cadastrar tabela de arredondamento Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-9720. PoCs published by KarinaGante.

AI-analyzed exploit summary This repository contains detailed writeups for multiple CVEs, including CVE-2025-10909, which describes a stored XSS vulnerability via SVG file upload bypass in NovoSGA. The writeup includes technical details, PoC payloads, and impact analysis.

Description

A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used.

Exploits (1)

github WRITEUP
by KarinaGante · htmlpoc
https://github.com/KarinaGante/KG-Sec/tree/main/CVEs/i-Educar/CVE-2025-9720.md

This repository contains detailed writeups for multiple CVEs, including CVE-2025-10909, which describes a stored XSS vulnerability via SVG file upload bypass in NovoSGA. The writeup includes technical details, PoC payloads, and impact analysis.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: NovoSGA
Auth required
Prerequisites: Access to the /admin endpoint · Ability to upload SVG files
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.322009
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.322009
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.638671

Scores

CVSS v3 3.5
EPSS 0.0022
EPSS Percentile 12.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
portabilis/i-educar < 2.10
Published Aug 31, 2025
Tracked Since Feb 18, 2026