Vulnerabilities > Schoolbox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-07 | CVE-2024-28095 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2024-03-07 | CVE-2024-28096 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2024-03-07 | CVE-2024-28097 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | 5.4 |
| 2022-10-31 | CVE-2022-39020 | Cross-site Scripting vulnerability in Schoolbox 21.0.2 Multiple instances of XSS (stored and reflected) was found in the application. | 6.1 |