关键漏洞信息 Vulnerability ID: CVE-2026-2064 Vulnerable Product: Portabilis i-Educar up to 2.10 Vulnerable Component: User Data Page ( ) Vulnerability Type: File cross-site scripting (XSS) Exploitability: Easy Severity Metrics CVSSv3 Score: 3.5 (Base) / 3.2 (Temp) CTI Interest Score: 2.97-3.2 Technical Details CWE ID: CWE-79 (Cross Site Scripting) Impact: Manipulation of an unknown input in the file leads to XSS. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output. Exploit Availability: Public exploit and proof-of-concept are available. Exploit Links: - Available on GitHub: Exploit - Discussion and advisory available: VulDB Threat Intelligence Active Exploitation: Yes Interest: The CTI Interest Score identifies attacker and security community interest, indicating the risk of being targeted. Timeline Disclosure Date: 02/06/2026 Entry Created: 02/06/2026 Countermeasures Status: No mitigation known Source Identification Advisory Reference: GitHub CVE ID: CVE-2026-2064 GCVE: GCVE-100-344631