Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.
https://www.themissinglink.com.au/security-advisories/cve-2024-28096