Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd

Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Schoolbox 跨站脚本漏洞

Schoolbox是澳大利亚Schoolbox公司的一个在线学习平台。 Schoolbox 21.0.2版本存在安全漏洞，该漏洞源于其学生评估提交、文件上传、新闻、ePortfolio和日历事件创建等功能允许攻击者实现多个反射型或存储型跨站脚本。

N/A

N/A