Medium severity6.1NVD Advisory· Published Oct 16, 2023· Updated Jun 17, 2026
CVE-2022-48612
CVE-2022-48612
Description
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.
Affected products
2- ClassLink/OneClick Extensiondescription
- Range: <=10.7
Patches
Vulnerability mechanics
References
1- blog.zerdle.net/classlink/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.