Description

i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist.

INFO

Published Date :

2025-05-07T23:49:46.016Z

Last Modified :

2025-05-08T13:58:11.917Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-55651 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55651.

URL Resource
https://github.com/portabilis/i-educar/security/advisories/GHSA-8fjj-9937-g84w cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability