What is CVE-2025-8918 — XSS in i-Educar?

CVE-2025-8918 is a cross-site scripting (XSS) vulnerability in Portabilis i-Educar versions 2.0 through 2.10, allowing attackers to inject malicious scripts.

Am I affected by CVE-2025-8918 in i-Educar?

You are affected if you are running i-Educar versions 2.0 through 2.10. Upgrade to 2.10.1 or later to mitigate the risk.

How do I fix CVE-2025-8918 in i-Educar?

Upgrade i-Educar to version 2.10.1 or later. As a temporary workaround, implement input validation on the 'neighborhood' parameter.

Is CVE-2025-8918 being actively exploited?

While no confirmed active campaigns are known, the public disclosure increases the risk of exploitation.

Where can I find the official i-Educar advisory for CVE-2025-8918?

Refer to the Portabilis security advisories page for updates and official information regarding CVE-2025-8918.

CVE-2025-8918 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-8918 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• php: Examine access logs for requests to /intranet/educarinstituicaocad.php containing unusual or suspicious characters in the neighborhood parameter.

 grep 'neighborhood=[^a-zA-Z0-9 ]+' /var/log/apache2/access.log

• generic web: Use curl to test the /intranet/educarinstituicaocad.php endpoint with a simple XSS payload (e.g., <script>alert(1)</script>) in the neighborhood parameter. Monitor browser console for alerts.

curl -X POST -d "neighborhood=<script>alert(1)</script>" http://your-i-educar-instance/intranet/educar_instituicao_cad.php

Portabilis i-Educar Editar educar_instituicao_cad.php cross site scripting

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-8918 — XSS in i-Educar?

Am I affected by CVE-2025-8918 in i-Educar?

How do I fix CVE-2025-8918 in i-Educar?

Is CVE-2025-8918 being actively exploited?

Where can I find the official i-Educar advisory for CVE-2025-8918?

Seu projeto está afetado?