exploitDog

CVE-2024-28096

Опубликовано: 07 мар. 2024

Источник: nvd

CVSS3: 7.3

CVSS3: 5.4

EPSS Низкий

Описание

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.

Ссылки

https://schoolbox.education/
Product
https://www.themissinglink.com.au/security-advisories/cve-2024-28096
Third Party Advisory
https://schoolbox.education/
Product
https://www.themissinglink.com.au/security-advisories/cve-2024-28096
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schoolbox:schoolbox:*:*:*:*:*:*:*:*

Версия до 23.1.3 (исключая)

EPSS

Процентиль: 31%

0.00115

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-34xv-8mr4-fx45

CVSS3: 7.3

github

почти 2 года назад

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.

EPSS

Процентиль: 31%

0.00115

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79