CVE-2025-9638

CVE-2025-9638: Cross-Site Scripting (XSS) Stored in Admin Panel

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-9638

Summary

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the educar_usuario_cad.php endpoint of the i-Educar application. The issue arises because the matricula_interna parameter is not sanitized before being stored in the database. Malicious scripts injected into this field persist in the system and are executed whenever the affected record is displayed in the web interface, leading to a persistent client-side compromise.

Details

Vulnerable Endpoint: educar_usuario_cad.php

Parameter: matricula_interna

PoC

Payload

><svg/onload=alert(16)>

Steps to Reproduce:

  • Log in with an account that can create or edit users.
  • Navigate to Configurações → Permissões → Usuários.
  • Create a new user or edit an existing one.
  • In the Matrícula Interna field, insert the payload.
  • Save changes.
  • Open the affected user record.
  • The payload executes immediately, confirming the stored XSS.
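The following is an added illustration, not code from i-Educar or from the advisory: it shows the unsafe pattern the summary describes (a stored matricula_interna value written into HTML unencoded) beside the two controls that close it, an allow-list on input and context-aware output encoding. The field format in isValidMatriculaInterna is a hypothetical assumption, not the application's real rule.

```php
<?php
// Added example (not i-Educar's code). Demonstrates the stored XSS pattern from
// the advisory and its remediation. The allow-list format below is an assumption.
declare(strict_types=1);

// The payload quoted in the advisory.
const ADVISORY_PAYLOAD = '><svg/onload=alert(16)>';

// Vulnerable pattern: the stored value is interpolated straight into the page,
// so any markup it contains becomes live DOM and the onload handler fires.
function renderVulnerable(string $matriculaInterna): string
{
    return "<td>$matriculaInterna</td>";
}

// Control 1 (input): matricula_interna is an internal enrolment number, so an
// allow-list (assumed format: 1 to 20 letters, digits, dot, hyphen or slash)
// rejects markup before anything is written to the database.
function isValidMatriculaInterna(string $value): bool
{
    return preg_match('/^[A-Za-z0-9.\/-]{1,20}$/', $value) === 1;
}

// Control 2 (output): encode for the HTML element context on every render.
// This stops an already-stored payload even if validation was bypassed.
function renderSafe(string $matriculaInterna): string
{
    $encoded = htmlspecialchars($matriculaInterna, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<td>$encoded</td>";
}

// Before persisting: reject values that fail the allow-list instead of "cleaning" them.
function storeMatriculaInterna(string $value): ?string
{
    return isValidMatriculaInterna($value) ? $value : null;
}

// Demonstration: the raw render keeps the <svg> tag intact, the safe render
// turns the angle brackets into entities so the browser shows it as text,
// and the store step refuses the payload while accepting a plausible value.
echo renderVulnerable(ADVISORY_PAYLOAD), PHP_EOL;
echo renderSafe(ADVISORY_PAYLOAD), PHP_EOL;
var_dump(storeMatriculaInterna(ADVISORY_PAYLOAD));
var_dump(storeMatriculaInterna('2025-0042'));
```

Output encoding is the control that matters for records already in the database; validation alone does not neutralise stored rows.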

Impact

  • Session hijacking: Stealing cookies or authentication tokens to impersonate users.
  • Credential theft: Harvesting usernames and passwords using malicious scripts.
  • Malware delivery: Distributing unwanted or harmful code to victims.
  • Privilege escalation: Compromising administrative users through persistent scripts.
  • Data manipulation or defacement: Changing or disrupting site content.
  • Reputation damage: Eroding trust among site users and administrators.

Reference

https://fluidattacks.com/pt/advisories/travis

Finder

Marcelo Queiroz

By: CVE-Hunters
