CVE-2025-7870

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7870

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7870.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7870

Published

2025-07-20T06:15:26.920Z

Modified

2026-01-09T19:16:13.917016Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endpoint. The manipulation of the argument Anexo leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/portabilis/i-diario

Affected ranges

Type: GIT
Repo: https://github.com/portabilis/i-diario
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

685689f97027d75a456e3bc243e103b6bfc580d9

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.2.0

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.4.0

1.4.1

1.5.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7870.json"