汇总 schoolbox 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 跨站脚本与SQL 注入,在 软件部署与生产负载 使用场景中可能带来 会话劫持与数据泄露 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-28097 | Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | [email protected] | 7.3 | 0.11% | 2024-03-07 | 2025-02-05 |
| CVE-2024-28096 | Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | [email protected] | 7.3 | 0.11% | 2024-03-07 | 2025-02-05 |
| CVE-2024-28095 | News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | [email protected] | 7.3 | 0.11% | 2024-03-07 | 2025-02-05 |
| CVE-2024-28094 | Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. | [email protected] | 8.8 | 0.09% | 2024-03-07 | 2025-02-05 |
| CVE-2022-3059 | The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. | [email protected] | 8.6 | 0.34% | 2022-10-31 | 2024-11-21 |
| CVE-2022-39020 | Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting. | [email protected] | 7.6 | 0.30% | 2022-10-31 | 2024-11-21 |