216.73.217.64

CVE-2024-55651

· Published 08/05/2025 00:15 · Modified 08/05/2025 14:39

Labels: CVE-2024-55651 2025-05-08CVE-2024-55651CWE-79[email protected]

Essential information

Published
08/05/2025 00:15
Modified
08/05/2025 14:39
Author
Creator
CVSS
2.0 LOW (v3) 2.0 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ieducar / ieducar cpe:2.3:a:ieducar:ieducar:2.9:*:*:*:*:*:*:*

References