exploitDog

CVE-2024-28095

Опубликовано: 07 мар. 2024

Источник: nvd

CVSS3: 7.3

CVSS3: 5.4

EPSS Низкий

Описание

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.

Ссылки

https://schoolbox.education/
Product
https://www.themissinglink.com.au/security-advisories/cve-2024-28095
Third Party Advisory
https://schoolbox.education/
Product
https://www.themissinglink.com.au/security-advisories/cve-2024-28095
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schoolbox:schoolbox:*:*:*:*:*:*:*:*

Версия до 23.1.3 (исключая)

EPSS

Процентиль: 31%

0.00115

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-fxm2-pc7h-884h

CVSS3: 7.3

github

почти 2 года назад

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.

EPSS

Процентиль: 31%

0.00115

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79