A vulnerability was found in Portabilis i-Educar up to 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting.
This vulnerability is referenced as CVE-2026-2064. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
