CVE-2025-10099
BaseFortify
Publication date: 2025-09-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | to 2.10.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10099 is a reflected Cross-Site Scripting (XSS) vulnerability in Portabilis i-Educar up to version 2.10, specifically in the Editar usuΓ‘rio (Edit User) page at /intranet/educar_usuario_cad.php. The vulnerability occurs because the parameters email, data_inicial, and data_expiracao are not properly validated or sanitized, allowing an attacker to inject malicious JavaScript code. When a victim accesses a crafted URL containing this malicious code, it executes in their browser, potentially leading to unauthorized actions. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to session hijacking, credential theft, malware delivery, phishing attacks, damage to reputation, and manipulation of client-side application behavior. An attacker can remotely exploit it by tricking a user into accessing a maliciously crafted URL, causing the injected script to execute in the victim's browser. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the vulnerable endpoint /educar_usuario_cad.php with specially crafted payloads in the email, data_inicial, or data_expiracao parameters to check for reflected XSS. For example, you can use curl commands to send requests with XSS payloads and observe if the payload is reflected in the response. Example curl command for the email parameter: curl -i 'http://target/intranet/educar_usuario_cad.php?email=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E'. Additionally, Google dorking such as searching for inurl:intranet/educar_usuario_cad.php can help identify vulnerable instances. Manual testing by logging into i-educar with appropriate permissions and injecting payloads in the Email field or modifying HTTP requests for data_inicial and data_expiracao parameters can also detect the vulnerability. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding use of the affected component or product (Portabilis i-Educar up to version 2.10) until a fix or patch is available. Since no official patch or fix has been published, it is recommended to restrict access to the vulnerable endpoint, apply strict input validation and sanitization on the affected parameters if possible, and monitor for exploitation attempts. Limiting user permissions to reduce the risk of exploitation and educating users about phishing and suspicious links can also help. Ultimately, replacing or upgrading the affected software component is advised as a precaution. [2]