CVE-2023-45889 Information

Description

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612.

Reference

https://blog.zerdle.net/classlink/ https://blog.zerdle.net/classlink2/