13 matches found
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
EUVD-2022-51308
Malicious code in bioql PyPI...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
Cross site scripting
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
PT-2024-13297 · Classlink · Classlink Oneclick Extension
Name of the Vulnerable Software and Affected Versions: ClassLink OneClick Extension versions through 10.8 Description: A Universal Cross Site Scripting UXSS issue allows remote attackers to inject JavaScript into any webpage. This issue exists due to an incomplete fix for a previous problem...
CVE-2023-45889
CVE-2023-45889 is a UXSS vulnerability in ClassLink OneClick Extension up to version 10.8, allowing remote injection of JavaScript into arbitrary web pages. The issue stems from an incomplete fix of CVE-2022-48612, as noted across multiple sources (including Red Hat and CVE entries). Affected sof...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
CVE-2022-48612
CVE-2022-48612 describes a Universal Cross Site Scripting (UXSS) weakness in ClassLink OneClick Extension up to version 10.7, enabling remote JavaScript injection by exploiting missing URL-control regexes in multiple code paths. Connected documents extend the impact to 10.8 (CVE-2023-45889) and i...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
PT-2023-15879 · Classlink · Classlink Oneclick Extension
Name of the Vulnerable Software and Affected Versions: ClassLink OneClick Extension versions through 10.7 Description: A Universal Cross Site Scripting UXSS issue allows remote attackers to inject JavaScript into any webpage. This is because a regular expression, which validates whether a URL is...