CVE-2025-9652
BaseFortify
Publication date: 2025-08-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | to 2.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing or upgrading the affected Portabilis i-Educar component to a version that is not vulnerable, as no specific mitigations or patches have been published. Additionally, restricting access to the vulnerable endpoint `/intranet/educar_transferencia_tipo_cad.php` through network controls or web application firewalls can reduce exposure. Implementing input validation and sanitization on the parameters `nm_tipo` and `desc_tipo` to neutralize malicious scripts is recommended if you have the capability to modify the source code. Monitoring for suspicious activity and educating users about the risks of interacting with untrusted inputs can also help reduce impact. [2]
Can you explain this vulnerability to me?
CVE-2025-9652 is a stored Cross-Site Scripting (XSS) vulnerability in Portabilis i-Educar up to version 2.10, specifically in the file /intranet/educar_transferencia_tipo_cad.php. It occurs because the parameters nm_tipo and desc_tipo do not properly validate or sanitize user input, allowing attackers to inject malicious scripts. These scripts are stored on the server and executed in the browsers of users who visit affected pages, such as the listing or detail pages related to transfer types. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to session cookie theft, browser hijacking, malware delivery, credential theft, unauthorized access to sensitive information, website defacement, user misdirection, and reputational damage to the affected organization. Attackers can remotely exploit this vulnerability by injecting malicious scripts that execute in other users' browsers, potentially compromising their data and security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable endpoint `/intranet/educar_transferencia_tipo_cad.php` and testing the parameters `nm_tipo` and `desc_tipo` for improper input sanitization. One detection method is to use Google dorking with the query `inurl:intranet/educar_transferencia_tipo_cad.php` to identify vulnerable targets. Additionally, you can test the parameters by injecting a harmless XSS payload such as `"><img src=x onerror=alert('test')>` into the fields and observing if the script executes on pages like `/intranet/educar_transferencia_tipo_lst.php` or `/intranet/educar_transferencia_tipo_det.php?cod_transferencia_tipo=[id]`. Commands to detect the vulnerability might include using curl or wget to send crafted requests, for example: `curl -X POST -d "nm_tipo=\"><img src=x onerror=alert('test')>&desc_tipo=test" https://target/intranet/educar_transferencia_tipo_cad.php` and then checking the response or subsequent pages for script execution. [2, 1]