VYPR
Medium severity6.1NVD Advisory· Published Oct 16, 2023· Updated Jun 17, 2026

CVE-2022-48612

CVE-2022-48612

Description

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.