CVE-2022-39020 HIGH

CVE-2022-39020: Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd

Vendor Schoolbox Pty Ltd
Product Schoolbox
Weakness CWE-79 · XSS
Published October 31, 2022
Last update May 6, 2025

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.

Key dates

02Disclosure timeline

October 31, 2022 CVE published
May 6, 2025 Record updated