CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.9%

CVSS Severity

CVSS v3 Score 6.1

References

https://blog.zerdle.net/classlink/
https://blog.zerdle.net/classlink2/
https://blog.zerdle.net/classlink/
https://blog.zerdle.net/classlink2/

Products affected by CVE-2023-45889

Classlink » Oneclick » Version: N/A

cpe:2.3:a:classlink:oneclick:-
Classlink » Oneclick » Version: 10.7

cpe:2.3:a:classlink:oneclick:10.7
Classlink » Oneclick » Version: 10.8

cpe:2.3:a:classlink:oneclick:10.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-45889

Products

Pricing

Contact Us