CVE-2024-55651 – i-Educar Stored Cross-Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2024-55651

Published : May 8, 2025, 12:15 a.m. | 3 hours, 21 minutes ago

Description : i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleResearchers from Fudan University Introduce Lorsa: A Sparse Attention Mechanism That Recovers Atomic Attention Units Hidden in Transformer Superposition

Next Article Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2024-55651 – i-Educar Stored Cross-Site Scripting Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Embracing the Present: Finding Joy in Your UX Journey

CVE-2025-46272 – D-Link Router Command Injection Vulnerability

EPFL Researchers Introduce MEMOIR: A Scalable Framework for Lifelong Model Editing in LLMs

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

CVE-2025-48699 – Apache Unintended Exposure

Microsoft Reportedly Hires More AI Talent from Google DeepMind

CVE-2025-4552 – ContiNew Admin Remote Unverified Password Change Vulnerability

You can use T-Mobile’s Starlink service to send images, audio, and video now – here’s how

CVE-2024-55651 – i-Educar Stored Cross-Site Scripting Vulnerability

Related Posts