CVE-2023-45889 is a Universal Cross Site Scripting (UXSS) vulnerability affecting the ClassLink OneClick browser extension up to version 10.8. This vulnerability allows remote attackers to inject arbitrary JavaScript code into any webpage viewed by the user of the extension. The root cause is an incomplete remediation of a previous vulnerability (CVE-2022-48612), indicating that the fix did not fully address the underlying security flaw. UXSS vulnerabilities are particularly dangerous because they bypass the same-origin policy, enabling malicious scripts to execute in the context of trusted websites. This can lead to theft of sensitive information such as cookies, session tokens, or other credentials, and can facilitate further attacks like account takeover or phishing. The CVSS v3.1 base score of 6.1 reflects a medium severity, with an attack vector of network (remote exploitation), low attack complexity, no privileges required, but user interaction is necessary (the user must visit a malicious or compromised webpage). The scope is changed, meaning the vulnerability affects components beyond the initially vulnerable extension, potentially impacting the browser or web applications. The vulnerability impacts confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no official patches or updates are linked yet. The vulnerability is categorized under CWE-79, which corresponds to Cross Site Scripting (XSS).

For European organizations, the impact of CVE-2023-45889 can be significant, especially for those relying on ClassLink OneClick extension for single sign-on (SSO) or identity management in educational or enterprise environments. Successful exploitation could allow attackers to execute malicious scripts in the context of legitimate websites, leading to data leakage, session hijacking, or unauthorized actions on behalf of users. This could compromise sensitive personal data protected under GDPR, leading to regulatory penalties and reputational damage. Additionally, organizations with remote or hybrid workforces may see increased risk due to the necessity of user interaction for exploitation. The vulnerability could be leveraged in targeted phishing campaigns or supply chain attacks, particularly against sectors with high-value data such as education, government, and critical infrastructure. The lack of a patch increases the window of exposure, and the incomplete fix from a prior CVE suggests that attackers may find ways to bypass existing mitigations.

Organizations should immediately audit their use of the ClassLink OneClick extension and assess exposure. Until an official patch is released, users should be advised to disable or uninstall the extension to eliminate the attack surface. Network-level protections such as web filtering and endpoint security solutions should be configured to block access to known malicious sites and detect suspicious script injections. Security awareness training should emphasize the risks of interacting with untrusted web content, especially for users of the affected extension. Monitoring browser activity and logs for unusual behavior can help detect exploitation attempts. Organizations should engage with ClassLink support channels to obtain updates on patch availability and apply them promptly once released. Where possible, alternative secure authentication mechanisms should be considered to reduce dependency on vulnerable extensions. Implementing Content Security Policy (CSP) headers on internal web applications can also help mitigate the impact of injected scripts.