6.3
CVE-2025-9109 - Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attac…
5.3
CVE-2025-9108 - Portabilis i-Diario Login Page ui layer
Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely.
5.3
CVE-2025-9107 - Portabilis i-Diario search_autocomplete cross site scripting
A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly d…
5.1
CVE-2025-9106 - Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-disciplina cross site scripting
A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack …
5.1
CVE-2025-9105 - Portabilis i-Diario Informações Adicionais /planos-de-ensino-por-areas-de-conhecimento cross site s…
A vulnerability has been found in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scr…
5.1
CVE-2025-9104 - Portabilis i-Diario Informações Adicionais /planos-de-aulas-por-disciplina cross site scripting
A flaw has been found in Portabilis i-Diario up to 1.5.0. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. …
4.8
CVE-2025-9103 - ZenCart CKEditor cross site scripting
A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence …
4.8
CVE-2025-9102 - 1&1 Mail & Media mail.com App com.mail.mobile.android.mail AndroidManifest.xml improper export of a…
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to…
5.1
CVE-2025-9101 - zhenfeng13 My-Blog Tag save cross site scripting
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public …
6.9
CVE-2025-9100 - zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay
A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The exp…