exploitDog

CVE-2023-45889

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612.

Ссылки

https://blog.zerdle.net/classlink/
Third Party Advisory
https://blog.zerdle.net/classlink2/
Exploit
Third Party Advisory
https://blog.zerdle.net/classlink/
Third Party Advisory
https://blog.zerdle.net/classlink2/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:classlink:oneclick:*:*:*:*:*:*:*:*

Версия до 10.8 (включая)

EPSS

Процентиль: 35%

0.00148

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-pgcw-8wrq-74f3

CVSS3: 6.1

github

около 2 лет назад

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612.

EPSS

Процентиль: 35%

0.00148

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79