CVE-2025-8918
BaseFortify
Publication date: 2025-08-13
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | to 2.10.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8918 is a stored Cross-Site Scripting (XSS) vulnerability in Portabilis i-Educar versions up to 2.10, specifically in the neighborhood name input field on the /intranet/educar_instituicao_cad.php page. The application does not properly validate or sanitize this input, allowing attackers to inject malicious JavaScript code that is stored and executed when users revisit the affected page. This can be exploited remotely but requires user interaction and authentication. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to session cookie theft and session hijacking, malware download and installation on victim machines, browser hijacking, credential theft, unauthorized access to sensitive user information, website defacement, user misdirection through manipulated instructions, and damage to business reputation via misinformation or defacement. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying instances of the vulnerable endpoint `/intranet/educar_instituicao_cad.php` and testing the `neighborhood name` input field for stored cross-site scripting (XSS) payloads. One method to locate potentially vulnerable targets is using Google dorking with the query `inurl:intranet/educar_instituicao_cad.php`. To test the vulnerability, you can attempt to inject a JavaScript payload such as `"><svg onload=alert(1)>` into the neighborhood field and observe if the script executes when revisiting the page. Network monitoring tools can also be used to detect suspicious JavaScript payloads in requests to this endpoint. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint `/intranet/educar_instituicao_cad.php` to trusted users only, applying input validation and sanitization on the `neighborhood name` parameter to neutralize malicious scripts, and monitoring for suspicious activity related to this input field. Since no vendor patch or official mitigation is available, consider implementing web application firewall (WAF) rules to block common XSS payloads targeting this parameter. Additionally, educate users about the risk of interacting with untrusted inputs and monitor logs for exploitation attempts. [1, 2]