A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2CWE-79CWE-94
Portabilis i-Educar User Data meusdadod.php cross site scripting
Problem type
Affected products
Portabilis
i-Educar
2.0 - AFFECTED
2.1 - AFFECTED
2.2 - AFFECTED
2.3 - AFFECTED
2.4 - AFFECTED
2.5 - AFFECTED
2.6 - AFFECTED
2.7 - AFFECTED
2.8 - AFFECTED
2.9 - AFFECTED
2.10 - AFFECTED
References
VDB-344631 | Portabilis i-Educar User Data meusdadod.php cross site scripting
https://vuldb.com/?id.344631
VDB-344631 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.344631
Submit #745108 | Portabilis i-Educar 2.10 Cross Site Scripting
https://vuldb.com/?submit.745108
github.com
https://github.com/nmmorette/vulnerability-research/tree/main/XSS-Idiario
GitHub Security Advisories
GHSA-gvvr-69ch-5mhm
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability...
https://github.com/advisories/GHSA-gvvr-69ch-5mhmA vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-2064
github.com
https://github.com/nmmorette/vulnerability-research/tree/main/XSS-Idiario
vuldb.com
https://vuldb.com/?ctiid.344631
vuldb.com
https://vuldb.com/?id.344631
vuldb.com
https://vuldb.com/?submit.745108
github.com
https://github.com/advisories/GHSA-gvvr-69ch-5mhm
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-2064Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-2064",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-02-06T20:13:23.697Z",
"dateReserved": "2026-02-06T06:44:43.119Z",
"datePublished": "2026-02-06T19:32:07.906Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-02-06T19:32:07.906Z"
},
"title": "Portabilis i-Educar User Data meusdadod.php cross site scripting",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "Portabilis",
"product": "i-Educar",
"modules": [
"User Data Page"
],
"versions": [
{
"version": "2.0",
"status": "affected"
},
{
"version": "2.1",
"status": "affected"
},
{
"version": "2.2",
"status": "affected"
},
{
"version": "2.3",
"status": "affected"
},
{
"version": "2.4",
"status": "affected"
},
{
"version": "2.5",
"status": "affected"
},
{
"version": "2.6",
"status": "affected"
},
{
"version": "2.7",
"status": "affected"
},
{
"version": "2.8",
"status": "affected"
},
{
"version": "2.9",
"status": "affected"
},
{
"version": "2.10",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Cross Site Scripting",
"cweId": "CWE-79",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Code Injection",
"cweId": "CWE-94",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.344631",
"name": "VDB-344631 | Portabilis i-Educar User Data meusdadod.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.344631",
"name": "VDB-344631 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.745108",
"name": "Submit #745108 | Portabilis i-Educar 2.10 Cross Site Scripting",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/nmmorette/vulnerability-research/tree/main/XSS-Idiario",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 4
}
}
],
"timeline": [
{
"time": "2026-02-06T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-02-06T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-02-06T07:49:47.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "nmmorette (VulDB User)",
"type": "reporter"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-02-06T20:13:23.697Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}