20 matches found
MAL-2026-3049 Malicious code in classlink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2915556b569ee5a4e890ea4178a61836ed8799f93a30fb0ac5e30cc37a41ede The package classlink was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in classlink (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2915556b569ee5a4e890ea4178a61836ed8799f93a30fb0ac5e30cc37a41ede The package classlink was found to contain malicious code. Source: ossf-package-analysis...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
EUVD-2022-51308
Malicious code in bioql PyPI...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
Cross site scripting
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
PT-2024-13297 · Classlink · Classlink Oneclick Extension
Name of the Vulnerable Software and Affected Versions: ClassLink OneClick Extension versions through 10.8 Description: A Universal Cross Site Scripting UXSS issue allows remote attackers to inject JavaScript into any webpage. This issue exists due to an incomplete fix for a previous problem...
CVE-2023-45889
CVE-2023-45889 is a UXSS vulnerability in ClassLink OneClick Extension up to version 10.8, allowing remote injection of JavaScript into arbitrary web pages. The issue stems from an incomplete fix of CVE-2022-48612, as noted across multiple sources (including Red Hat and CVE entries). Affected sof...
ClassLink Security Vulnerability
ClassLink is a provider of identity and access management products from ClassLink, Inc. that provide instant access to applications and files through SSO, class scheduling, account configuration, and more. A security vulnerability exists in ClassLink OneClick Extension 10.8 and prior versions,...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
Cross site scripting
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
CVE-2022-48612
CVE-2022-48612 describes a Universal Cross Site Scripting (UXSS) weakness in ClassLink OneClick Extension up to version 10.7, enabling remote JavaScript injection by exploiting missing URL-control regexes in multiple code paths. Connected documents extend the impact to 10.8 (CVE-2023-45889) and i...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
PT-2023-15879 · Classlink · Classlink Oneclick Extension
Name of the Vulnerable Software and Affected Versions: ClassLink OneClick Extension versions through 10.7 Description: A Universal Cross Site Scripting UXSS issue allows remote attackers to inject JavaScript into any webpage. This is because a regular expression, which validates whether a URL is...
ClassLink Cross-Site Scripting Vulnerability
ClassLink is a provider of identity and access management products from ClassLink, Inc. that provide instant access to applications and files through SSO, class scheduling, account configuration, and more. A security vulnerability exists in ClassLink OneClick Extension version 10.7 that stems fro...
classlink.com XSS vulnerability
Vulnerable URL: https://www.classlink.com/webinar/?submit=aaaaa%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 31084 VIP...