| Title | Portabilis i-Educar 2.9.0 Stored Cross Site Scripting |
|---|
| Description | Hello team!
A stored XSS vulnerability was discovered in the i-Educar platform, specifically within the Turma module. An attacker can inject malicious JavaScript code into the "Class Type" (nm_tipo) field. This code is then stored in the database and executed in the browser of any user who visits the affected page, without further interaction.
Module: Turma (intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID)
Vulnerable Field: Turma Tipo (nm_tipo)
Proof of Concept (PoC) Steps
1 - Log in: Authenticate to the i-Educar platform using valid credentials.
2 - Go to "Início / Escola / Editar tipo de turma": Access the Turma via: Escola > Cadastro > Tipo > Turma > Tipo de Turma
/intranet/educar_turma_tipo_lst.php
3 - Edit or Create a "Turma Tipo"
Insert the XSS payload in the "Turma Tipo" (nm_tipo) field:
<script>alert('PoC VulDB i-Educar PaCXXX')</script>
4 - Click "Salvar"
5 - Trigger the Payload: Reopen the page — the script will execute.
|
|---|
| Source | ⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README19.md |
|---|
| User | RaulPACXXX (UID 84502) |
|---|
| Submit | 2025-06-27 09:40 PM (10 months ago) |
|---|
| Moderation | 2025-07-19 07:53 AM (21 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 316982 [Portabilis i-Educar 2.9.0 Turma educar_turma_tipo_det.php?cod_turma_tipo=ID nm_tipo cross site scripting] |
|---|
| Points | 20 |
|---|
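
The submission above describes the nm_tipo value being stored and later written into the detail page without encoding. The following is an added example, not code from i-Educar or from the submitter: it contrasts that rendering pattern with output encoding and includes a regression check that parses the rendered fragment. The function names and the table-row markup are hypothetical.

```php
<?php
// Added illustration; not i-Educar code. Function names and markup are hypothetical.

// Vulnerable pattern: the stored value is concatenated into HTML as-is.
function renderTipoUnsafe(string $nmTipo): string
{
    return '<tr><td>Turma Tipo</td><td>' . $nmTipo . '</td></tr>';
}

// Hardened pattern: encode for the HTML text context at output time.
function renderTipoSafe(string $nmTipo): string
{
    $encoded = htmlspecialchars($nmTipo, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>Turma Tipo</td><td>' . $encoded . '</td></tr>';
}

// Regression check: parse the rendered fragment and count <script> elements.
function countScriptElements(string $fragment): int
{
    $previous = libxml_use_internal_errors(true); // collect parser warnings quietly
    $dom = new DOMDocument();
    $dom->loadHTML('<table>' . $fragment . '</table>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $dom->getElementsByTagName('script')->length;
}

// First value is the string from the report's PoC; the second is a
// constructed benign name containing a character that must be encoded.
$samples = [
    "<script>alert('PoC VulDB i-Educar PaCXXX')</script>",
    'Regular & Integral',
];

foreach ($samples as $value) {
    printf(
        "unsafe scripts=%d  safe scripts=%d  safe html=%s\n",
        countScriptElements(renderTipoUnsafe($value)),
        countScriptElements(renderTipoSafe($value)),
        renderTipoSafe($value)
    );
}
```

Encoding at output time also neutralizes values that were stored before any input validation was introduced, which matters for a stored issue like this one.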