A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-16T00:00:00

Updated: 2024-09-16T18:55:47.743Z

Reserved: 2023-10-15T00:00:00

Link: CVE-2022-48612

cve-icon Vulnrichment

Updated: 2024-08-03T15:17:55.591Z

cve-icon NVD

Status : Analyzed

Published: 2023-10-16T00:15:10.350

Modified: 2023-10-19T16:22:05.877

Link: CVE-2022-48612

cve-icon Redhat

No data.