Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matriculainterna parameter in the educarusuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.
{
"cwe_ids": [
"CWE-79"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9638.json",
"cna_assigner": "Fluid Attacks"
}