CVE-2023-45889 - OpenCVE

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Classlink	Oneclick

Configuration 1 [-]

cpe:2.3:a:classlink:oneclick:*:*:*:*:*:*:*:*

References

Link	Resource
https://blog.zerdle.net/classlink/	Third Party Advisory
https://blog.zerdle.net/classlink2/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-23T00:00:00

Updated: 2024-01-23T17:40:18.567876

Reserved: 2023-10-15T00:00:00

Link: CVE-2023-45889

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-23T18:15:18.053

Modified: 2024-01-29T22:49:49.317

Link: CVE-2023-45889

JSON object: View

Redhat Information

No data.

CWE

CWE-79