Akshay Raj

**Name of the Vulnerable Software and Affected Versions** Schoolbox versions prior to 23.1.3 **Description** The issue concerns a blind SQL Injection vulnerability in the chat functionality of the Schoolbox application. This vulnerability allows authenticated attackers to read, modify, and delete database records. The vulnerability is being actively exploited. **Recommendations** For versions prior to 23.1.3, update to version 23.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the chat functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Schoolbox versions prior to 23.1.3 **Description** The issue concerns stored cross-site scripting in the news functionality, allowing an authenticated attacker to perform security actions in the context of affected users. **Recommendations** For versions prior to 23.1.3, update to version 23.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the news functionality until a patch is applied. Avoid using the news functionality in a way that could allow an attacker to inject malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Schoolbox versions prior to 23.1.3 **Description** The issue concerns stored cross-site scripting in the Class functionality of the Schoolbox application. This allows an authenticated attacker to perform security actions in the context of affected users. **Recommendations** For versions prior to 23.1.3, update to version 23.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Class functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Schoolbox versions prior to 23.1.3 **Description** The issue concerns stored cross-site scripting in the calendar functionality, allowing an authenticated attacker to perform security actions in the context of affected users. **Recommendations** For versions prior to 23.1.3, update to version 23.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the calendar functionality until a patch is applied. Avoid using the calendar feature in a way that could allow an attacker to inject malicious scripts, and ensure that all users are aware of the potential risk.