Submit #605663: Portabilis i-Educar 2.9.0 Stored Cross Site Scripting

Info

Title: Portabilis i-Educar 2.9.0 Stored Cross Site Scripting
Description: Hello team! A stored XSS vulnerability was discovered in the i-Educar platform, specifically within the Turma module. An attacker can inject malicious JavaScript code into the "Class Type" (nm_tipo) field. This code is then stored in the database and executed in the browser of any user who visits the affected page, without further interaction.

Module: Turma (intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID)
Vulnerable Field: Turma Tipo (nm_tipo)

Proof of Concept (PoC) Steps

1 - Log in
    Authenticate to the i-Educar platform using valid credentials.
2 - Go to "Início / Escola / Editar tipo de turma"
    Access the Turma via: Escola > Cadastro > Tipo > Turma > Tipo de Turma
    /intranet/educar_turma_tipo_lst.php
3 - Edit or Create a "Turma Tipo"
    Insert the XSS payload in the "Turma Tipo" (nm_tipo) field:
    <script>alert('PoC VulDB i-Educar PaCXXX')</script>
4 - Click "Salvar"
5 - Trigger the Payload
    Reopen the page — the script will execute.
Source: ⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README19.md
User: RaulPACXXX (UID 84502)
Submission: 27/06/2025 09:40 PM (10 months ago)
Moderation: 19/07/2025 07:53 AM (21 days later)
Status: Accepted
VulDB entry: 316982 [Portabilis i-Educar 2.9.0 Turma educar_turma_tipo_det.php?cod_turma_tipo=ID nm_tipo cross site scripting]
Points: 20
