Key Information

Vulnerability Type: Stored Cross-Site Scripting (XSS)
Affected Versions: i-Educar (Portabilis) 2.9
Vulnerability Description: The application fails to properly validate and sanitize user input, leading to a stored cross-site scripting vulnerability in the "Tipo de Usuario" input field.
Attack Vector: Network

CVSS v3 Base Metrics

Severity: Medium (4.3/10)
Attack Complexity: Low
Required Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

CWE ID: CWE-79
CVE ID: CVE-2024-56051
Weakness: CWE-20

Vulnerability Details

When editing user types, accessible via . Arbitrary JavaScript code can be inserted, which will be stored and executed when the user returns to the previous page.

PoC (Proof of Concept)

Use a user type and insert payload:

Request Example

POST request to
Parameter contains XSS payload

Impact

Attackers may exploit this vector to obtain information belonging to other users, potentially leading to sensitive data leakage or other malicious activities.

Mitigation

Use in PHP when processing user input to mitigate cross-site scripting vulnerabilities.
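As an added illustration of the mitigation (this is example code written for this page, not i-Educar's own code), the snippet below renders a stored user-type name the unsafe way and then the escaped way; the function names, the `htmlspecialchars()` call chosen as the escaping routine, and the sample input are all assumptions made for the example.

```php
<?php
// Added example, not part of i-Educar. Models the "Tipo de Usuario" name
// being read back from storage and written into an HTML table row.
declare(strict_types=1);

// Vulnerable pattern: the stored value is interpolated straight into markup,
// so any markup in the name becomes part of the page and runs in the browser.
function renderUserTypeRowVulnerable(string $nome): string
{
    return "<tr><td>{$nome}</td></tr>";
}

// Output encoding chosen for this example (assumption): htmlspecialchars with
// ENT_QUOTES so the value is also safe inside single- and double-quoted
// attributes, ENT_SUBSTITUTE so malformed UTF-8 cannot break the encoding,
// and an explicit charset so the escaping is not dependent on php.ini.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: escape at the point the value enters an HTML context.
function renderUserTypeRowSafe(string $nome): string
{
    return '<tr><td>' . escapeHtml($nome) . '</td></tr>';
}

// Input validation on the way in (defence in depth, not a replacement for
// output encoding): a user-type name has no legitimate need for markup
// characters, so reject them early and bound the length.
function isValidUserTypeName(string $nome): bool
{
    return mb_strlen($nome, 'UTF-8') <= 100
        && preg_match('/^[\p{L}\p{N} ._\-]+$/u', $nome) === 1;
}

// Constructed sample input standing in for an attacker-controlled stored name.
$stored = 'Secretaria <script>alert(1)</script>';

echo "validated on input: ", isValidUserTypeName($stored) ? 'accepted' : 'rejected', PHP_EOL;
echo "vulnerable output:  ", renderUserTypeRowVulnerable($stored), PHP_EOL;
echo "hardened output:    ", renderUserTypeRowSafe($stored), PHP_EOL;

// Self-check: the hardened rendering must not contain a live <script> tag.
if (strpos(renderUserTypeRowSafe($stored), '<script>') !== false) {
    throw new RuntimeException('escaping failed');
}
```

Escaping belongs where the value is emitted into HTML; a sanitiser applied only on input is easy to bypass or forget for other fields, which is why the hardened renderer does not rely on the validator.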