CVE-2026-4355 | Portabilis i-Educar 2.11 Endpoint educar_servidor_curso_lst.php Name cross site scripting

Inserito da Angelo Barbosa | Mar 17, 2026 | CVE

A vulnerability was found in Portabilis i-Educar 2.11. It has been rated as problematic. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of the argument Name results in cross site scripting.

This vulnerability was named CVE-2026-4355. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4355 | Portabilis i-Educar 2.11 Endpoint educar_servidor_curso_lst.php Name cross site scripting

Post correlati

CVE-2025-53842 | ZEXELON ZWX-2000CSW2-HN/ZWX-2000CS2-HN hard-coded credentials

CVE-2024-38505 | JetBrains YouTrack up to 2024.1.29548 Access Token insufficiently protected credentials

CVE-2025-9252 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DisablePasswordAlertRedirect hint stack-based overflow

CVE-2024-36316 | AMD Radeon PRO V710 AMD Graphics Driver integer overflow