CVE-2022-39020: Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd
First published: Mon Oct 31 2022(Updated: )
Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.
Credit: vdp@themissinglink.com.au
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schoolbox | =21.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-39020?
CVE-2022-39020 has been classified as a high severity vulnerability due to the potential impact of multiple instances of cross-site scripting.
How do I fix CVE-2022-39020?
To fix CVE-2022-39020, ensure that all user inputs are properly sanitized and validated to prevent XSS attacks.
What software versions are affected by CVE-2022-39020?
CVE-2022-39020 affects Schoolbox version 21.0.2.
What types of XSS vulnerabilities are present in CVE-2022-39020?
CVE-2022-39020 contains multiple instances of both stored and reflected cross-site scripting vulnerabilities.
What features are vulnerable in CVE-2022-39020?
The vulnerabilities in CVE-2022-39020 affect features like student assessment submission, file upload, news, ePortfolio, and calendar event creation.
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/author
- vendor/schoolbox
- canonical/schoolbox
- version/schoolbox/21.0.2