https://www.cvehunters.com/p/cve-2026-4355/Cross-Site Scripting (XSS) Storedhttps://www.cvehunters.com/p/cve-2026-4355/https://www.cvehunters.com/p/cve-2026-4355/<h2 id="cve-2026-4355-cross-site-scripting-xss-stored-in-new-educar_servidor_curso_lst-parameter-name">CVE-2026-4355: Cross-Site Scripting (XSS) Stored in new <code>educar_servidor_curso_lst</code> parameter <code>name</code> </h2><blockquote> <p><em><strong>CVE Publication: <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2026-4355" target="_blank" rel="noopener" >https://www.cve.org/CVERecord?id=CVE-2026-4355</a></strong></em></p> </blockquote> <h2 id="summary">Summary </h2><p style="text-align: justify;">A Stored Cross-Site Scripting (XSS) vulnerability was identified in the <code>educar_servidor_curso_lst.php</code> endpoint of the I-educar 2.11 application. This vulnerability allows attackers to inject malicious scripts into the <code>name</code> parameter. The injected scripts are stored on the server and executed automatically whenever the <code>ComponenteCurricular/view</code> page is accessed by users, representing a significant security risk.</p> <h2 id="details">Details </h2><p>Vulnerable Endpoint: <code>educar_servidor_curso_lst.php</code></p><h2 id="cve-2026-4355-cross-site-scripting-xss-stored-in-new-educar_servidor_curso_lst-parameter-name">CVE-2026-4355: Cross-Site Scripting (XSS) Stored in new <code>educar_servidor_curso_lst</code> parameter <code>name</code> </h2><blockquote> <p><em><strong>CVE Publication: <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2026-4355" target="_blank" rel="noopener" >https://www.cve.org/CVERecord?id=CVE-2026-4355</a></strong></em></p> </blockquote> <h2 id="summary">Summary </h2><p style="text-align: justify;">A Stored Cross-Site Scripting (XSS) vulnerability was identified in the <code>educar_servidor_curso_lst.php</code> endpoint of the I-educar 2.11 application. This vulnerability allows attackers to inject malicious scripts into the <code>name</code> parameter. The injected scripts are stored on the server and executed automatically whenever the <code>ComponenteCurricular/view</code> page is accessed by users, representing a significant security risk.</p> <h2 id="details">Details </h2><p>Vulnerable Endpoint: <code>educar_servidor_curso_lst.php</code></p> <p>Parameter: <code>name</code></p> <h2 id="poc">PoC </h2><h3 id="payload">Payload </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl"><script>alert(1)</script> </span></span></code></pre></td></tr></table> </div> </div><h3 id="steps-to-reproduce">Steps to Reproduce: </h3><p style="text-align: justify;"> Register the payload in the <code>name</code> field at the <code>educar_servidor_curso_lst.php</code> endpoint.</p> <p><img src="/p/cve-2026-4355/image.png" width="1655" height="336" srcset="/p/cve-2026-4355/image_hu_f0d344b2348566d2.png 480w, /p/cve-2026-4355/image_hu_6c0417b053954c44.png 1024w" loading="lazy" class="gallery-image" data-flex-grow="492" data-flex-basis="1182px" /></p> <p style="text-align: justify;"> After that, the XSS can be triggered by opening the <code>educar_servidor_curso_lst.php</code> endpoint corresponding to the edited ID.</p> <p><img src="/p/cve-2026-4355/image-1.png" width="1655" height="336" srcset="/p/cve-2026-4355/image-1_hu_304eccbb94dee2b4.png 480w, /p/cve-2026-4355/image-1_hu_6a7e07ce80a625ac.png 1024w" loading="lazy" class="gallery-image" data-flex-grow="492" data-flex-basis="1182px" /></p> <h2 id="impact">Impact </h2><p style="text-align: justify;"> <ul> <li>Session hijacking: Stealing cookies or authentication tokens to impersonate users.</li> <li>Credential theft: Harvesting usernames and passwords using malicious scripts.</li> <li>Malware delivery: Distributing unwanted or harmful code to victims.</li> <li>Privilege escalation: Compromising administrative users through persistent scripts.</li> <li>Data manipulation or defacement: Changing or disrupting site content.</li> <li>Reputation damage: Eroding trust among site users and administrators.</li> </ul> </p> <h2 id="reference">Reference </h2><p><em><strong><a class="link" href="https://github.com/Saiipe/CVE/blob/main/i-educar%2FCVE-2026-4355.md" target="_blank" rel="noopener" >https://github.com/Saiipe/CVE/blob/main/i-educar%2FCVE-2026-4355.md</a></strong></em></p> <h2 id="finder">Finder </h2><p><a class="link" href="http://www.linkedin.com/in/itauan" target="_blank" rel="noopener" ><img src="/assets/contributors/50x50/itauan50x50.png" loading="lazy" /></a> <a class="link" href="http://www.linkedin.com/in/itauan" target="_blank" rel="noopener" >Itauan Santos</a></p> <blockquote> <p><em><strong>By: <a class="link" href="https://github.com/CVE-Hunters/cve-hunters" target="_blank" rel="noopener" >CVE-Hunters</a></strong></em></p> </blockquote>Tue, 17 Mar 2026 00:00:00 +0000