PT-2024-22264 · Schoolbox · Schoolbox

Akshay Raj · Published 2024-03-07 · Updated 2024-03-07 · CVE-2024-28097

CVSS v3.1: 7.3 High

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Schoolbox versions prior to 23.1.3

Description

The issue concerns stored cross-site scripting in the calendar functionality, allowing an authenticated attacker to perform security actions in the context of affected users.

Recommendations

For versions prior to 23.1.3, update to version 23.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the calendar functionality until a patch is applied. Avoid using the calendar feature in a way that could allow an attacker to inject malicious scripts, and ensure that all users are aware of the potential risk.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-28097

Affected Products

Schoolbox