Karina Gante
Posts Tags Categories
Karina Gante

Contents

CVE-2025-10372

Karina avatarKarina  included in  category CVE
    2 minutes   CC BY-NC 4.0   
How I Discovered Multiple Stored XSS in i-Educar via educar_modulo_cad.php (With PoC and Screenshots)

How I Discovered Multiple Stored XSS in i-Educar via educar_modulo_cad.php (With PoC and Screenshots).

🇧🇷 Ler em Português.

While analyzing the modules registration functionality in the i-Educar system, I found multiple stored XSS vulnerabilities in the /intranet/educar_modulo_cad.php endpoint. Both the nm_tipo and descricao fields accepted malicious scripts without any input sanitization.
As a result, the payload was saved on the server and executed automatically when accessing the module listing page. This vulnerability was officially assigned as CVE-2025-10372.
In this post, I’ll walk you through the technical details, PoC steps, and security risks posed by this issue.

CVE-2025-10372 refers two stored Cross-Site Scripting (XSS) vulnerabilities in the /intranet/educar_modulo_cad.php endpoint of the i-Educar application.
The nm_tipo and descricao parameters fail to properly sanitize user input, allowing malicious scripts to be stored and automatically executed when the /intranet/educar_modulo_lst.php page is accessed.

Vulnerable Endpoint /intranet/educar_modulo_cad.php

Affected Parameters: nm_tipo and descricao

Trigger Page: /intranet/educar_modulo_lst.php

Other Affected Endpoint: /intranet/educar_modulo_det.php?cod_ modulo=[id]

Payload Used

"><img src=x onerror=alert('CVE-Hunters')>

To reproduce this vulnerability, follow the steps below:

1. Access vulnerable endpoint and select default option on first field.
2. Insert the payload in second field ("Etapa") and third field ("Descrição").
3. Type "4" in fourth field ("Número de etapas").
4. Click on "Salvar".

The /intranet/educar_modulo_lst.php page will load automatically, triggering the stored XSS:

Parameter nm_tipoParameter descricao
Report

You can access the full technical report with all PoC steps here:

CVE-2025-10372 Report

This Cross-Site Scripting (XSS) vulnerability can be exploited to:

  • Steal session cookies (session hijacking);
  • Install malware on victims’ devices;
  • Steal credentials stored in the browser;
  • Redirect users to malicious websites;
  • Deface the application interface;
  • Damage the institutional reputation.

The issue was ethically reported and officially registered as:

References

CVE-2025-10372 on CVE.org

VulDB Entry

CVE-2025-10372 shows that even seemingly harmless fields like company nm_tipos can become vectors for stored XSS attacks. When displayed in administrative panels without proper validation or output encoding, they pose a real threat.
Ensuring input validation on every form — no matter how trivial the field — is important to keeping web applications secure.

Discovered with💜 by Karina Gante.

LinkedIn GitHub gmail Instagram

Official Member of CVE-Hunters🏹

Related Content

How I Discovered Multiple Stored XSS in i-Educar via educar_modulo_cad.php (With PoC and Screenshots)

CVE-2025-10909

How I Discovered Multiple Stored XSS in i-Educar via educar_modulo_cad.php (With PoC and Screenshots)

CVE-2025-10844

How I Discovered Multiple Stored XSS in i-Educar via educar_modulo_cad.php (With PoC and Screenshots)

CVE-2025-10845

How I Discovered Multiple Stored XSS in i-Educar via educar_modulo_cad.php (With PoC and Screenshots)

CVE-2025-10846

How I Discovered Multiple Stored XSS in i-Educar via educar_modulo_cad.php (With PoC and Screenshots)

CVE-2025-10584

CC BY-NC 4.0
 XSSI-EducarStored XSSCVE-2025-10372Cybersecurity
 | Home