CVE-2025-7872
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Portabilis i-Diario 1.5.0 and classified as problematic. This issue affects some unknown processing of the file /justificativas-de-falta. The manipulation of the argument Justificativa leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-20
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-07-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-7872
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
portabilis i-diario 1.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7872 is a Stored Cross-Site Scripting (XSS) vulnerability in Portabilis i-Diario version 1.5.0, specifically in the /justificativas-de-falta endpoint. It occurs due to improper sanitization or neutralization of the 'Justificativa' parameter, allowing attackers to inject malicious scripts that are stored on the server. These scripts execute automatically when other users access the affected page, potentially enabling malicious actions such as session hijacking or defacement. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing remote attackers to execute malicious scripts in the context of your users' browsers. This can lead to session hijacking, defacement, or other malicious actions that compromise data integrity and user trust. Since the exploit is publicly available and easy to exploit, it poses a significant security risk if the affected system is not properly mitigated. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the /justificativas-de-falta endpoint for improper sanitization of the 'Justificativa' parameter. You can use web application security testing tools or manual curl commands to inject typical XSS payloads and observe if the input is reflected unsanitized in the response. For example, using curl: curl -X POST 'http://target/justificativas-de-falta/[ID]' -d 'Justificativa=<script>alert(1)</script>' and checking if the script tag is executed or reflected in the response. Additionally, automated scanners that detect stored XSS vulnerabilities can be used to identify this issue. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the affected endpoint, implementing input validation and output encoding on the 'Justificativa' parameter to neutralize malicious scripts, and applying web application firewalls (WAF) rules to block XSS payloads targeting this endpoint. Since no official patch or vendor response is available, monitoring and blocking suspicious requests and educating users about the risk can help reduce impact until a fix is released. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart