CVE-2024-28096

Name of the Vulnerable Software and Affected Versions Schoolbox versions prior to 23.1.3

Description The issue concerns stored cross-site scripting in the Class functionality of the Schoolbox application. This allows an authenticated attacker to perform security actions in the context of affected users.

Recommendations For versions prior to 23.1.3, update to version 23.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Class functionality to minimize the risk of exploitation.