Universal Cross Site Scripting (UXSS) Vulnerability in ClassLink OneClick Extension through 10.8 Allows Remote JavaScript Injection

Universal Cross Site Scripting (UXSS) Vulnerability in ClassLink OneClick Extension through 10.8 Allows Remote JavaScript Injection

CVE-2023-45889 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612.

Learn more about our Web App Pen Testing.