CVE-2026-4355
Cross-Site Scripting in Portabilis i-Educar Endpoint Component
Publication date: 2026-03-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| portabilis | i-educar | 2.11 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-4355 is a stored Cross-Site Scripting (XSS) vulnerability found in Portabilis i-Educar version 2.11, specifically in the file /intranet/educar_servidor_curso_lst.php of the Endpoint component.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the application improperly validates and sanitizes the user-controllable input passed through the "name" parameter. This allows attackers to inject malicious scripts that are stored on the server.'}, {'type': 'paragraph', 'content': 'When users access the page associated with the injected data (such as ComponenteCurricular/view), the malicious scripts execute automatically in their browsers, leading to cross-site scripting attacks.'}, {'type': 'paragraph', 'content': 'The attack can be initiated remotely and requires user interaction. The vulnerability is publicly known, with proof-of-concept exploits available.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can have several serious impacts including:
- Stealing session cookies, which enables attackers to hijack user sessions.
- Distributing malware to victim machines.
- Hijacking browsers or delivering browser-based exploits.
- Stealing user credentials and unauthorized access to sensitive information.
- Defacing websites and misdirecting users by altering website content or instructions.
- Damaging the reputation of affected businesses through misinformation or website defacement.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying if the vulnerable endpoint `/intranet/educar_servidor_curso_lst.php` is accessible and if it improperly handles the `name` parameter allowing injection of malicious scripts.'}, {'type': 'paragraph', 'content': 'One detection method is to perform a targeted request to the vulnerable endpoint with a test payload in the `name` parameter and observe if the payload is reflected or stored without proper sanitization.'}, {'type': 'list_item', 'content': "Use curl or similar tools to send a crafted request, for example: curl -G 'http://target/intranet/educar_servidor_curso_lst.php' --data-urlencode 'name=<script>alert(1)</script>'"}, {'type': 'list_item', 'content': 'Search your web server logs or network traffic for requests containing suspicious or script-like content in the `name` parameter.'}, {'type': 'list_item', 'content': 'Use Google dorking with queries like `inurl:intranet/educar_servidor_curso_lst.php` to identify potentially vulnerable instances exposed on the internet.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include sanitizing and validating all user inputs, especially the `name` parameter in the `/intranet/educar_servidor_curso_lst.php` endpoint, to prevent injection of malicious scripts.
Since no official vendor patch or mitigation is available, consider implementing web application firewall (WAF) rules to block or filter suspicious payloads targeting the vulnerable parameter.
Restrict access to the vulnerable endpoint to trusted users or internal networks only, if possible, to reduce exposure.
Monitor logs for suspicious activity related to the `name` parameter and respond promptly to any detected exploitation attempts.