5.1
CVE-2025-9724 - Portabilis i-Educar educar_nivel_ensino_cad.php cross site scripting
A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack can be launched remotely. The exploit has beenβ¦
5.1
CVE-2025-9723 - Portabilis i-Educar educar_tipo_regime_cad.php cross site scripting
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Performing manipulation of the argument nm_tipo results in cross site scripting. The attack can be initiated remotely. The exploit has been made public andβ¦
5.1
CVE-2025-9722 - Portabilis i-Educar educar_tipo_ocorrencia_disciplinar_cad.php cross site scripting
A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to launch the attack remoβ¦
5.1
CVE-2025-9721 - Portabilis i-Educar edit cross site scripting
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publishedβ¦
5.1
CVE-2025-9720 - Portabilis i-Educar Cadastrar tabela de arredondamento edit cross site scripting
A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performed β¦
5.1
CVE-2025-9719 - O2OA Personal Profile script cross site scripting
A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can lead to cross site sβ¦
5.1
CVE-2025-9718 - O2OA Personal Profile process cross site scripting
A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting. Remote exploitation of β¦
5.1
CVE-2025-9717 - O2OA Personal Profile unit cross site scripting
A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNβ¦
5.1
CVE-2025-9716 - O2OA Personal Profile form cross site scripting
A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting.β¦
5.5
CVE-2025-5083 - Amministrazione Trasparente <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting viaβ¦
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level perβ¦