cvelistv5 - cve-2025-8787

CVE-2025-8787 (GCVE-0-2025-8787)

Vulnerability from cvelistv5

Published

2025-08-10 01:02

Modified

2025-08-12 15:21

Severity ?

2.0 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RC:R
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RC:R

CWE

CWE-79 - Cross Site Scripting
CWE-94 - Code Injection

Summary

A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conteúdos leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

►

URL

Tags

	cna@vuldb.com	https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md
	cna@vuldb.com	https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-disciplina.(ID)%20in%20multiples%20parameters.md
	cna@vuldb.com	https://vuldb.com/?ctiid.319315
	cna@vuldb.com	https://vuldb.com/?id.319315
	cna@vuldb.com	https://vuldb.com/?submit.625795
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://vuldb.com/?submit.625795

Impacted products

	Vendor	Product	Version
	Portabilis	i-Diario	Version: 1.0 Version: 1.1 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8787",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T15:21:35.300804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T15:21:39.122Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://vuldb.com/?submit.625795"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Registro das atividades"
          ],
          "product": "i-Diario",
          "vendor": "Portabilis",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            },
            {
              "status": "affected",
              "version": "1.5.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "marceloQz (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "marceloQz (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conte\u00fados leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Portabilis i-Diario bis 1.5.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /registros-de-conteudos-por-disciplina/ der Komponente Registro das atividades. Durch das Manipulieren des Arguments Registro de atividades/Conte\u00fados mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-10T01:02:06.962Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319315 | Portabilis i-Diario Registro das atividades registros-de-conteudos-por-disciplina cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.319315"
        },
        {
          "name": "VDB-319315 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319315"
        },
        {
          "name": "Submit #625795 | Portabilis i-diario 1.5.0 Cross Site Scripting (XSS) Stored",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.625795"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-disciplina.(ID)%20in%20multiples%20parameters.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-09T08:29:24.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Portabilis i-Diario Registro das atividades registros-de-conteudos-por-disciplina cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8787",
    "datePublished": "2025-08-10T01:02:06.962Z",
    "dateReserved": "2025-08-09T05:11:23.243Z",
    "dateUpdated": "2025-08-12T15:21:39.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-8787\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-08-10T02:15:26.910\",\"lastModified\":\"2025-08-12T16:15:32.227\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conte\u00fados leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad en Portabilis i-Diario hasta la versi\u00f3n 1.5.0, clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /registros-de-conteudos-por-disciplina/ del componente Registro das atividades. La manipulaci\u00f3n del argumento Registro de atividades/Conte\u00fados provoca cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"},{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-disciplina.(ID)%20in%20multiples%20parameters.md\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.319315\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.319315\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.625795\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"},{\"url\":\"https://vuldb.com/?submit.625795\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8787\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-12T15:21:35.300804Z\"}}}], \"references\": [{\"url\": \"https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md\", \"tags\": [\"exploit\"]}, {\"url\": \"https://vuldb.com/?submit.625795\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-12T15:21:28.962Z\"}}], \"cna\": {\"title\": \"Portabilis i-Diario Registro das atividades registros-de-conteudos-por-disciplina cross site scripting\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"marceloQz (VulDB User)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"marceloQz (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.1, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4, \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"vendor\": \"Portabilis\", \"modules\": [\"Registro das atividades\"], \"product\": \"i-Diario\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\"}, {\"status\": \"affected\", \"version\": \"1.1\"}, {\"status\": \"affected\", \"version\": \"1.2\"}, {\"status\": \"affected\", \"version\": \"1.3\"}, {\"status\": \"affected\", \"version\": \"1.4\"}, {\"status\": \"affected\", \"version\": \"1.5.0\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-09T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-08-09T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-08-09T08:29:24.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.319315\", \"name\": \"VDB-319315 | Portabilis i-Diario Registro das atividades registros-de-conteudos-por-disciplina cross site scripting\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.319315\", \"name\": \"VDB-319315 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.625795\", \"name\": \"Submit #625795 | Portabilis i-diario 1.5.0 Cross Site Scripting (XSS) Stored\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md\", \"tags\": [\"related\"]}, {\"url\": \"https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-disciplina.(ID)%20in%20multiples%20parameters.md\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conte\\u00fados leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"}, {\"lang\": \"de\", \"value\": \"In Portabilis i-Diario bis 1.5.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\\u00e4her bekannte Funktion der Datei /registros-de-conteudos-por-disciplina/ der Komponente Registro das atividades. Durch das Manipulieren des Arguments Registro de atividades/Conte\\u00fados mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk erfolgen. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Cross Site Scripting\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"Code Injection\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-08-10T01:02:06.962Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-8787\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-12T15:21:39.122Z\", \"dateReserved\": \"2025-08-09T05:11:23.243Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-08-10T01:02:06.962Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-8787

Vulnerability from fkie_nvd

Published

2025-08-10 02:15

Modified

2025-08-12 16:15

Severity ?

3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Summary

References

▶	URL	Tags
	cna@vuldb.com	https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md
	cna@vuldb.com	https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-disciplina.(ID)%20in%20multiples%20parameters.md
	cna@vuldb.com	https://vuldb.com/?ctiid.319315
	cna@vuldb.com	https://vuldb.com/?id.319315
	cna@vuldb.com	https://vuldb.com/?submit.625795
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://vuldb.com/?submit.625795

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conte\u00fados leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
      "value": "Se ha detectado una vulnerabilidad en Portabilis i-Diario hasta la versi\u00f3n 1.5.0, clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /registros-de-conteudos-por-disciplina/ del componente Registro das atividades. La manipulaci\u00f3n del argumento Registro de atividades/Conte\u00fados provoca cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
    }
  ],
  "id": "CVE-2025-8787",
  "lastModified": "2025-08-12T16:15:32.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-10T02:15:26.910",
  "references": [
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-disciplina.(ID)%20in%20multiples%20parameters.md"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?ctiid.319315"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?id.319315"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?submit.625795"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://vuldb.com/?submit.625795"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        },
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

ghsa-p26g-96r4-3qr6

Vulnerability from github

Published

2025-08-10 03:30

Modified

2025-08-10 03:30

Severity ?

3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2.0 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-8787"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-10T02:15:26Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The manipulation of the argument Registro de atividades/Conte\u00fados leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-p26g-96r4-3qr6",
  "modified": "2025-08-10T03:30:30Z",
  "published": "2025-08-10T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8787"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-diario/CVE-2025-8787.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-diario/Stored%20XSS%20endpoint%20registros-de-conteudos-por-disciplina.(ID)%20in%20multiples%20parameters.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.319315"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.319315"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.625795"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-8787 (GCVE-0-2025-8787)

Vulnerability from cvelistv5

fkie_cve-2025-8787

Vulnerability from fkie_nvd

ghsa-p26g-96r4-3qr6

Vulnerability from github

Tags

Sightings

Nomenclature