Description

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at `ieducar/intranet/include/clsCampos.inc.php` does not properly validate or sanitize user-controlled input, leading to the vulnerability. Any page that uses this implementation is vulnerable, such as `intranet/educar_curso_lst.php?nm_curso=<payload>`, `intranet/atendidos_lst.php?nm_pessoa=<payload>`, `intranet/educar_abandono_tipo_lst?nome=<payload>`. Commit f2d768534aabc09b2a1fc8a5cc5f9c93925cb273 contains a patch for the issue.

INFO

Published Date :

2024-08-28T20:17:27.748Z

Last Modified :

2024-09-06T19:25:24.190Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45057 vulnerability.

Vendors Products
Portabilis
  • I-educar
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45057.

URL Resource
https://github.com/portabilis/i-educar/commit/f2d768534aabc09b2a1fc8a5cc5f9c93925cb273 cve-icon cve-icon
https://github.com/portabilis/i-educar/security/advisories/GHSA-fqwh-c3c8-7gwj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact