Vendor CVEs
Portabilis
All CVEs
108 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-65024 | 0.00 | — | 0.00 | Nov 19, 2025 | i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary… | |||
| CVE-2024-55651 | 0.00 | — | 0.00 | May 7, 2025 | i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through… | |||
| CVE-2024-12893 | 0.00 | — | 0.00 | Dec 22, 2024 | A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross… | |||
| CVE-2024-55239 | 0.00 | — | 0.00 | Dec 18, 2024 | A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter. | |||
| CVE-2024-45059 | 0.00 | — | 0.01 | Aug 28, 2024 | i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates… | |||
| CVE-2024-45058 | 0.00 | — | 0.01 | Aug 28, 2024 | i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to… | |||
| CVE-2024-45057 | 0.00 | — | 0.00 | Aug 28, 2024 | i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The… | |||
| CVE-2023-5578 | 0.00 | — | 0.00 | Oct 14, 2023 | A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument… |
- CVE-2025-65024Nov 19, 2025risk 0.00cvss —epss 0.00
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary…
- CVE-2024-55651May 7, 2025risk 0.00cvss —epss 0.00
i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through…
- CVE-2024-12893Dec 22, 2024risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross…
- CVE-2024-55239Dec 18, 2024risk 0.00cvss —epss 0.00
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.
- CVE-2024-45059Aug 28, 2024risk 0.00cvss —epss 0.01
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates…
- CVE-2024-45058Aug 28, 2024risk 0.00cvss —epss 0.01
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to…
- CVE-2024-45057Aug 28, 2024risk 0.00cvss —epss 0.00
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The…
- CVE-2023-5578Oct 14, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument…
Page 3 of 3