Headline
CVE-2022-39020: Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd.
Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.
CVE-2022-39020
Discovered by Nelson Fernandes on behalf of The Missing Link Security
Vulnerability Details
Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.
Affected Versions
Discovered in: 21.0.2
Fixed Versions
Fixed in: 21.0.3
Latest News
Recent data breaches and what your business can learn from them
Clearing up the complex world of penetration testing
How intelligent automation can help address ESG reporting challenges
See All News