CVE-2024-28095

Published Mar 7, 2024

Last updated 8 months ago

Overview

Description
News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.
Source
vdp@themissinglink.com.au
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.3
Impact score
5.2
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Severity
HIGH

Weaknesses

vdp@themissinglink.com.au
CWE-79

Social media

Hype score
Not currently trending