VYPR

Vendor CVEs

Portabilis

All CVEs

108 total · sorted by risk
  • CVE-2025-65024Nov 19, 2025
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary…

  • CVE-2024-55651May 7, 2025
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through…

  • CVE-2024-12893Dec 22, 2024
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross…

  • CVE-2024-55239Dec 18, 2024
    risk 0.00cvss epss 0.00

    A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.

  • CVE-2024-45059Aug 28, 2024
    risk 0.00cvss epss 0.01

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the `ieducar/intranet/funcionario_vinculo_det.php` file, which creates…

  • CVE-2024-45058Aug 28, 2024
    risk 0.00cvss epss 0.01

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to…

  • CVE-2024-45057Aug 28, 2024
    risk 0.00cvss epss 0.00

    i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The…

  • CVE-2023-5578Oct 14, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument…

Page 3 of 3