4 matches found
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
CVE-2023-45889
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
Cross site scripting
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...
CVE-2022-48612
CVE-2022-48612 describes a Universal Cross Site Scripting (UXSS) weakness in ClassLink OneClick Extension up to version 10.7, enabling remote JavaScript injection by exploiting missing URL-control regexes in multiple code paths. Connected documents extend the impact to 10.8 (CVE-2023-45889) and i...