CVE-2025-9653

Public Exploit

Portabilis i-Educar Cadastrar projeto educar_projeto_cad.php cross site scripting

Description

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

References

Link	Tags
https://vuldb.com/?id.321861	vdb entry technical description
https://vuldb.com/?ctiid.321861	permissions required signature
https://vuldb.com/?submit.636957	third party advisory
https://karinagante.github.io/cve-2025-9653/	related
https://karinagante.github.io/cve-2025-9653/#proof-of-concept-poc	exploit

Frequently Asked Questions

What is the severity of CVE-2025-9653?: CVE-2025-9653 has been scored as a medium severity vulnerability.
How to fix CVE-2025-9653?: To fix CVE-2025-9653, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-9653 being actively exploited in the wild?: It is possible that CVE-2025-9653 is being exploited or will be exploited in a near future based on public information.
What software or system is affected by CVE-2025-9653?: CVE-2025-9653 affects Portabilis i-Educar.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

Frequently Asked Questions