Vulnerability Details CVE-2025-9638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint.
This issue affects i-Educar: 2.10.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.1%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2025-9638
-
cpe:2.3:a:portabilis:i-educar:2.10.0