Vulnerabilities > Schoolbox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-07 | CVE-2024-28094 | SQL Injection vulnerability in Schoolbox 21.0.2 Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. | 8.8 |
| 2024-03-07 | CVE-2024-28095 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2024-03-07 | CVE-2024-28096 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2024-03-07 | CVE-2024-28097 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2022-10-31 | CVE-2022-39020 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 Multiple instances of XSS (stored and reflected) was found in the application. | 6.1 |
| 2022-10-31 | CVE-2022-3059 | SQL Injection vulnerability in Schoolbox 21.0.2 The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. | 7.5 |