CVE-2023-45889: n/a in n/a
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612.
AI Analysis
Technical Summary
CVE-2023-45889 is a Universal Cross Site Scripting (UXSS) vulnerability affecting the ClassLink OneClick browser extension up to version 10.8. This vulnerability allows remote attackers to inject arbitrary JavaScript code into any webpage viewed by the user of the extension. The root cause is an incomplete remediation of a previous vulnerability (CVE-2022-48612), indicating that the fix did not fully address the underlying security flaw. UXSS vulnerabilities are particularly dangerous because they bypass the same-origin policy, enabling malicious scripts to execute in the context of trusted websites. This can lead to theft of sensitive information such as cookies, session tokens, or other credentials, and can facilitate further attacks like account takeover or phishing. The CVSS v3.1 base score of 6.1 reflects a medium severity, with an attack vector of network (remote exploitation), low attack complexity, no privileges required, but user interaction is necessary (the user must visit a malicious or compromised webpage). The scope is changed, meaning the vulnerability affects components beyond the initially vulnerable extension, potentially impacting the browser or web applications. The vulnerability impacts confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no official patches or updates are linked yet. The vulnerability is categorized under CWE-79, which corresponds to Cross Site Scripting (XSS).
Potential Impact
For European organizations, the impact of CVE-2023-45889 can be significant, especially for those relying on the ClassLink OneClick extension for single sign-on (SSO) or identity management in educational or enterprise environments. Successful exploitation could allow attackers to execute malicious scripts in the context of legitimate websites, leading to data leakage, session hijacking, or unauthorized actions on behalf of users. This could compromise sensitive personal data protected under GDPR, leading to regulatory penalties and reputational damage. Additionally, because exploitation depends on user interaction, organizations with remote or hybrid workforces may see increased risk. The vulnerability could be leveraged in targeted phishing campaigns or supply chain attacks, particularly against sectors with high-value data such as education, government, and critical infrastructure. The lack of a patch increases the window of exposure, and the incomplete fix from a prior CVE suggests that attackers may find ways to bypass existing mitigations.
Mitigation Recommendations
Organizations should immediately audit their use of the ClassLink OneClick extension and assess exposure. Until an official patch is released, users should be advised to disable or uninstall the extension to eliminate the attack surface. Network-level protections such as web filtering and endpoint security solutions should be configured to block access to known malicious sites and detect suspicious script injections. Security awareness training should emphasize the risks of interacting with untrusted web content, especially for users of the affected extension. Monitoring browser activity and logs for unusual behavior can help detect exploitation attempts. Organizations should engage with ClassLink support channels to obtain updates on patch availability and apply them promptly once released. Where possible, alternative secure authentication mechanisms should be considered to reduce dependency on vulnerable extensions. Implementing Content Security Policy (CSP) headers on internal web applications can also help mitigate the impact of injected scripts.
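The audit step above can be automated. The script below is an added example, not code from this advisory or from ClassLink: it walks a Chromium-style profile layout (Extensions/<id>/<version>/manifest.json), matches the extension by its manifest name, and flags versions in the affected range ("through 10.8"). The extension id used in the constructed sample data is a placeholder, because the advisory does not give one; the sample manifests are constructed for the demo and are not real installs. Version comparison is done numerically, so 10.10 is correctly ranked above 10.8, and any 10.8.x build is conservatively treated as affected.

```python
"""Audit a browser profile for the ClassLink OneClick extension and flag
versions affected by CVE-2023-45889 (affected through 10.8).

Added example: not the advisory's or ClassLink's code. Directory layout
mirrors Chromium's Extensions/<id>/<version>/manifest.json. The extension
id below is a PLACEHOLDER; the advisory does not list the real one.
"""
import json
import tempfile
from pathlib import Path

AFFECTED_THROUGH = "10.8"            # from the advisory: "through 10.8"
TARGET_NAME = "ClassLink OneClick"   # matched case-insensitively against manifest "name"
KNOWN_IDS = {"PLACEHOLDER_CLASSLINK_ID"}  # placeholder; fill in from the vendor listing


def parse_version(v: str) -> tuple:
    """Turn '10.10.2' into (10, 10, 2). A plain string compare would wrongly
    rank '10.10' below '10.8'; numeric tuples compare correctly."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when version <= 10.8. Only as many components as the threshold has
    are compared, so 10.8.1 is (conservatively) treated as affected."""
    threshold = parse_version(AFFECTED_THROUGH)
    return parse_version(version)[: len(threshold)] <= threshold


def scan_extensions_dir(extensions_dir: Path) -> list:
    """Walk Extensions/<id>/<version>/manifest.json and report matches.
    Caveat: manifests may localize "name" as __MSG_...__, so matching on the
    extension id (KNOWN_IDS) is the more reliable key in real profiles."""
    findings = []
    for manifest in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        ext_id = manifest.parent.parent.name
        name = str(data.get("name", ""))
        if ext_id not in KNOWN_IDS and TARGET_NAME.lower() not in name.lower():
            continue
        version = str(data.get("version", "0"))
        findings.append({
            "extension_id": ext_id,
            "name": name,
            "version": version,
            "affected": is_affected(version),
            "path": str(manifest),
        })
    return findings


def build_demo_profile() -> Path:
    """Create a throwaway Extensions directory with CONSTRUCTED manifests:
    one affected build, one build above the range, one unrelated extension."""
    root = Path(tempfile.mkdtemp(prefix="ext-audit-"))
    samples = [
        ("PLACEHOLDER_CLASSLINK_ID", "10.8.0", {"name": "ClassLink OneClick", "version": "10.8.0"}),
        ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "10.10.2", {"name": "ClassLink OneClick", "version": "10.10.2"}),
        ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "2.0.1", {"name": "Some Other Extension", "version": "2.0.1"}),
    ]
    for ext_id, ver, manifest in samples:
        d = root / ext_id / ver
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    profile = build_demo_profile()
    for f in scan_extensions_dir(profile):
        status = "AFFECTED (CVE-2023-45889)" if f["affected"] else "not in affected range"
        print(f"{f['extension_id']} {f['name']} {f['version']}: {status}")
```

On a real endpoint, point `scan_extensions_dir` at the profile's Extensions folder (for Google Chrome on Linux, for example, ~/.config/google-chrome/Default/Extensions) instead of the constructed demo directory, and run it across managed devices so the result can feed the inventory the advisory asks organizations to compile.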
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Spain, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2023-10-15T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6839c41d182aa0cae2b43573
Added to database: 5/30/2025, 2:43:41 PM
Last enriched: 7/8/2025, 4:26:37 PM
Last updated: 8/1/2025, 9:48:55 AM
Related Threats
- CVE-2025-8981: SQL Injection in itsourcecode Online Tour and Travel Management System (Medium)
- CVE-2025-50862: n/a (Medium)
- CVE-2025-50861: n/a (High)
- CVE-2025-8978: Insufficient Verification of Data Authenticity in D-Link DIR-619L (High)
- CVE-2025-8946: SQL Injection in projectworlds Online Notes Sharing Platform (Medium)