| 제목 | Portabilis i-Educar 2.10 Cross Site Scripting |
|---|
| 설명 | Multiples Stored Cross-Site Scripting (XSS) in educar_calendario_dia_motivo_cad.php
Summary
Multiples Stored Cross-Site Scripting (XSS) vulnerability was identified in the /intranet/educar_calendario_dia_motivo_cad.php endpoint of the i-Educar application. This vulnerability allows attackers to inject malicious scripts into the nm_motivo and descricao parameters. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk.
Details
Vulnerable Endpoint: /intranet/educar_calendario_dia_motivo_cad.php
Parameter: nm_motivo, descricao
Trigger Page: /intranet/educar_turma_tipo_lst.php
Other Affected Endpoint: /intranet/educar_calendario_dia_motivo_ det.php?cod_calendario_dia_motivo=[id]
The application fails to properly validate and sanitize user inputs in the nm_motivo and descricao parameters. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system.
PoC
Step by Step:
Access vulnerable endpoint and select default option in first and second fields. Insert the payload in third field ("Motivo") and fifth field ("Descição"). Choose and type any values in other required fields, click on "Salvar" and the trigger page will be activated automatically.
Payload:
"><img src=x onerror=alert('CVE-Hunters')>
Image 1: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/storedXss89.png
Image 2: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/storedXss90.png
Image 3: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/storedXss91.png
If click on new register in trigger page, can be redirected to other affected endpoint: /intranet/educar_calendario_dia_motivo_
det.php?cod_calendario_dia_motivo=[id], confirming that the two fields is vulnerable.
Image 4: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/storedXss92.png
Image 5: https://github.com/KarinaGante/KGSec/raw/main/CVEs/images/storedXss93.png
Impact
Stealing session cookies: Attackers can use stolen session cookies to hijack a user's session and perform actions on their behalf.
Downloading malware: Attackers can trick users into downloading and installing malware on their computers.
Hijacking browsers: Attackers can hijack a user's browser or deliver browser-based exploits.
Stealing credentials: Attackers can steal a user's credentials.
Obtaining sensitive information: Attackers can obtain sensitive information stored in a user's account or in their browser.
Defacing websites: Attackers can deface a website by altering its content.
Misdirecting users: Attackers can change the instructions given to users who visit the target website, misdirecting their behavior.
Damaging a business's reputation: Attackers can damage a business's image or spread misinformation by defacing a corporate website.
Finder
Discovered by Karina Gante |
|---|
| 원천 | ⚠️ https://github.com/KarinaGante/KGSec/blob/main/CVEs/i-educar/23.md |
|---|
| 사용자 | karinagante (UID 88113) |
|---|
| 제출 | 2025. 08. 29. PM 10:01 (10 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 16. PM 10:15 (18 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 316981 [Portabilis i-Educar 까지 2.10 Calendar educar_calendario_dia_motivo_cad.php Motivo/descricao 크로스 사이트 스크립팅] |
|---|
| 이유 | Disclosure not available, page shows error message |
|---|
| 포인트들 | 0 |
|---|