Browse all 6 CVE security advisories affecting Schoolbox Pty Ltd. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Schoolbox Pty Ltd develops a learning management system used by educational institutions to deliver digital curriculum and manage student data. Historically, their platform has been vulnerable to multiple remote code execution, cross-site scripting, and privilege escalation flaws, with six CVEs documented. Security researchers have identified authentication bypasses and insufficient input validation as recurring issues. While no major public security incidents have been widely reported, the consistent presence of critical vulnerabilities in their codebase suggests potential risks for educational institutions relying on their platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-28097 | Stored Cross-site Scripting in Calendar functionality in Schoolbox — SchoolboxCWE-79 | 7.3 | High | 2024-03-07 |
| CVE-2024-28096 | Stored Cross-site Scripting in Class functionality in Schoolbox — SchoolboxCWE-79 | 7.3 | High | 2024-03-07 |
| CVE-2024-28095 | Stored Cross-site Scripting in News functionality in Schoolbox — SchoolboxCWE-79 | 7.3 | High | 2024-03-07 |
| CVE-2024-28094 | Blind SQL Injection in Chat functionality in Schoolbox — SchoolboxCWE-89 | 8.8 | High | 2024-03-07 |
| CVE-2022-3059 | SQL injection in Schoolbox version 21.0.2, by Schoolbox Pty Ltd — SchoolboxCWE-89 | 8.6 | High | 2022-10-31 |
| CVE-2022-39020 | Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd — SchoolboxCWE-79 | 7.6 | High | 2022-10-31 |
This page lists every published CVE security advisory associated with Schoolbox Pty Ltd. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.