Discovered by Akshay Raj on behalf of The Missing Link Security
Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.
Fixed in: 23.1.3