Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Dec 9, 2025
i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel
CVE-2025-9638
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 2.10.0+ 1 more
- (no CPE)range: = 2.10.0
- (no CPE)range: 2.10.0
Patches
Vulnerability mechanics
References
1- fluidattacks.com/advisories/travismitrethird-party-advisory
News mentions
0No linked articles in our index yet.