| Title | Portabilis i-Educar 2.9.0 Stored Cross Site Scripting |
|---|
| Description | Hello team,
A Stored XSS vulnerability was identified in the “Curso” module of i-Educar. The “Curso” field allows JavaScript injection, which is stored and later executed when the course list is paginated and navigated by authenticated users.
**Vulnerability Type:** Stored Cross-Site Scripting (XSS)
**Affected Application:** i-Educar
**Vulnerable Endpoint:** /intranet/educar_curso_det.php?cod_curso=ID
**Vulnerable Parameter:** “Curso” field (stored via /intranet/educar_curso_lst.php?busca=)
PoC Step-by-Step
1 - Authentication:
Log in to i-Educar with valid credentials.
2 - Access the "Curso" module:
Navigate to:
Cadastro > Curso
URL: /intranet/educar_curso_lst.php?busca=S
3 - Create or Edit "Curso" Entry:
Either create a new "Curso" or edit an existing one.
4 - Edit Vulnerable Field:
Go to:
/intranet/educar_curso_cad.php?cod_curso=ID
5 - Insert Payload:
In the “Curso” field, insert:
<script>alert('PoC VulDB i-Educar Pacxxx')</script>
6 - Save and Trigger:
**NOTE: FOR THE INJECTED SCRIPT TO BE LOADED, NAVIGATE AMONG THE RECORDS IN THE BOTTOM PAGE TAB**
Recommendations & Mitigations
Input Sanitization: Reject or neutralize input containing scripts or HTML.
Output Encoding: Properly encode all user input before rendering in HTML.
Use of XSS Mitigation Libraries: Tools like OWASP Java Encoder, HTMLPurifier, or DOMPurify should be employed.
|
|---|
| Source | https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README13.md |
|---|
| User | RaulPACXXX (UID 84502) |
|---|
| Submission | 06/27/2025 01:16 (10 months ago) |
|---|
| Moderation | 07/06/2025 07:41 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 315022 [Portabilis i-Educar 2.9.0 Course educar_curso_det.php?cod_curso=ID Curso cross site scripting] |
|---|
| Points | 20 |
|---|
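The output-encoding fix the submission recommends, worked through in PHP, the language of the i-Educar `/intranet/*.php` endpoints named above. This is an added example and not i-Educar's own code: the course-list row layout, the function names (`e`, `e_js`, `renderRowVulnerable`, `renderRowHardened`) and the assumption that the list page builds table rows from the stored course name are illustrative, and the sample input is the payload from the report as it would come back from the database.

```php
<?php
// Added example, not i-Educar's code. It contrasts echoing a stored "Curso" name
// raw with encoding it at output time, for the two contexts a list page usually
// puts such a value in: an HTML text node / attribute, and a JS string literal.
// Row layout and function names are assumptions for illustration.

declare(strict_types=1);

// Encode for an HTML text node or a quoted attribute value.
// ENT_QUOTES covers both quote styles, ENT_SUBSTITUTE avoids returning an empty
// string on invalid UTF-8 (which would otherwise silently drop the value).
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encode for a JavaScript string literal inside an inline <script> block.
// The JSON_HEX_* flags turn < > & ' " into \u00XX escapes, so the value can
// neither close the <script> element nor break out of the literal.
function e_js(string $s): string
{
    $out = json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE
    );
    return $out === false ? '""' : $out;
}

// Vulnerable pattern: the stored value is interpolated into the markup as-is,
// so a name containing <script> becomes a script element when the row renders.
function renderRowVulnerable(int $codCurso, string $nomeCurso): string
{
    return "<tr><td><a href=\"educar_curso_det.php?cod_curso=$codCurso\">$nomeCurso</a></td></tr>\n";
}

// Hardened pattern: every dynamic value is encoded for the context it lands in.
// Note the fix is applied where the value is written out, not where it is stored:
// the same database row is rendered safely no matter who saved it or how.
function renderRowHardened(int $codCurso, string $nomeCurso): string
{
    $cod  = e((string) $codCurso);
    $nome = e($nomeCurso);
    return "<tr><td><a href=\"educar_curso_det.php?cod_curso=$cod\">$nome</a></td></tr>\n";
}

// Constructed sample input: the payload from the report, as stored in the "Curso" field.
$payload = "<script>alert('PoC VulDB i-Educar Pacxxx')</script>";

echo renderRowVulnerable(1, $payload);
// The row contains a literal <script> element; the browser executes it.

echo renderRowHardened(1, $payload);
// The row contains &lt;script&gt;alert(&apos;PoC VulDB i-Educar Pacxxx&apos;)&lt;/script&gt;,
// which the browser displays as text.

// If the paginated list hands the name to client-side JavaScript, encode for that context too:
echo "<script>var nomeCurso = " . e_js($payload) . ";</script>\n";
// Emits "\u003Cscript\u003Ealert(\u0027PoC ...\u0027)\u003C/script\u003E" as a harmless string.
```

Two practical notes on the submission's recommendations: rejecting input that "contains scripts or HTML" on the `educar_curso_cad.php` side is a useful defence-in-depth check but not a fix on its own, since a course name can legitimately contain `<`, `&` or quotes and since the same value may later be written by another code path; the fix that closes the bug is encoding at every output point, as above. Also, OWASP Java Encoder does not apply to a PHP application; `htmlspecialchars` (or the escaping built into the template engine, if one is used) is the equivalent here, and HTMLPurifier is the right tool only where the field is meant to hold rich HTML, which a course name is not.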