VYPR

Vendor CVEs

Portabilis

All CVEs

108 total · sorted by risk
  • CVE-2025-9738LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The attack can be executed…

  • CVE-2025-9724LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack can be launched remotely.…

  • CVE-2025-9723LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Performing manipulation of the argument nm_tipo results in cross site scripting. The attack can be initiated remotely. The exploit has…

  • CVE-2025-9722LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to…

  • CVE-2025-9721LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The…

  • CVE-2025-9720LowAug 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The…

  • CVE-2025-9653LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross…

  • CVE-2025-9652LowAug 29, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site…

  • CVE-2025-9106LowAug 18, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site…

  • CVE-2025-9105LowAug 18, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos…

  • CVE-2025-9104LowAug 18, 2025
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes…

  • CVE-2025-8788LowAug 10, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /planos-de-aula-por-areas-de-conhecimento/ of the component Informações adicionais. The manipulation of the argument…

  • CVE-2025-8787LowAug 10, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the…

  • CVE-2025-8786LowAug 10, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, was found in Portabilis i-Diario up to 1.5.0. Affected is an unknown function of the file /registros-de-conteudos-por-areas-de-conhecimento/ of the component Registro das atividades. The manipulation of the argument Registro…

  • CVE-2025-8785LowAug 10, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educar_usuario_lst.php. The manipulation of the argument nm_pessoa/matricula/matricula_interna leads to cross…

  • CVE-2025-8784LowAug 9, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionario_vinculo_cad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site…

  • CVE-2025-8511LowAug 3, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability classified as problematic was found in Portabilis i-Diario 1.5.0. This vulnerability affects unknown code of the file /diario-de-observacoes/ of the component Observações. The manipulation of the argument Descrição leads to cross site scripting. The attack…

  • CVE-2025-8510LowAug 3, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It is possible to initiate…

  • CVE-2025-8509LowAug 3, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scripting. The attack may be…

  • CVE-2025-8508LowAug 3, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avaliacao/descricao leads to…

  • CVE-2025-8507LowAug 3, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting. It is possible to…

  • CVE-2025-8365LowJul 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file atendidos_cad.php. The manipulation of the argument nome/nome_social/email leads to cross site scripting. The attack…

  • CVE-2025-7872LowJul 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Diario 1.5.0 and classified as problematic. This issue affects some unknown processing of the file /justificativas-de-falta. The manipulation of the argument Justificativa leads to cross site scripting. The attack may be initiated…

  • CVE-2025-7871LowJul 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulation of the argument filter[by_description] leads to cross site scripting. The attack can be initiated remotely.…

  • CVE-2025-7870LowJul 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endpoint. The manipulation of the argument Anexo leads to cross site scripting. It is possible to initiate the…

  • CVE-2025-7869LowJul 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The manipulation of the…

  • CVE-2025-7868LowJul 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_calendario_dia_motivo_cad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao results in cross site scripting.…

  • CVE-2025-7867LowJul 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. It is possible…

  • CVE-2025-7866LowJul 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_deficiencia_lst.php of the component Disabilities Module. The manipulation of the argument Deficiência ou Transtorno…

  • CVE-2025-7113LowJul 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross…

  • CVE-2025-7112LowJul 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module. The manipulation of…

  • CVE-2025-7111LowJul 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Curso leads to cross site…

  • CVE-2025-7110LowJul 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is…

  • CVE-2025-7109LowJul 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the…

  • CVE-2025-10099LowSep 8, 2025
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_usuario_cad.php of the component Editar usuário Page. This manipulation of the argument email/data_inicial/data_expiracao…

  • CVE-2025-8920LowAug 13, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site…

  • CVE-2025-8919LowAug 13, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is…

  • CVE-2025-8918LowAug 13, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may…

  • CVE-2025-8545LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site…

  • CVE-2025-8544LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched…

  • CVE-2025-8543LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely.…

  • CVE-2025-8542LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be…

  • CVE-2025-8541LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely.…

  • CVE-2025-8540LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack…

  • CVE-2025-8539LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be…

  • CVE-2025-8538LowAug 5, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can…

  • CVE-2024-48325Nov 6, 2024
    risk 0.01cvss epss 0.01

    Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly…

  • CVE-2025-9638Dec 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.

  • CVE-2025-65022Nov 19, 2025
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL…

  • CVE-2025-65023Nov 19, 2025
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute…