Unrated severityNVD Advisory· Published Nov 1, 2023· Updated Feb 13, 2025

CVE-2023-5480

Description

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)

Affected products

osv-coords9 versions
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/gn&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/gn&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP4 pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP5 pkg:rpm/suse/gn&distro=SUSE%20Package%20Hub%2015%20SP4 pkg:rpm/suse/gn&distro=SUSE%20Package%20Hub%2015%20SP5
< 119.0.6045.123-bp155.2.55.1+ 8 more
- (no CPE)range: < 119.0.6045.123-bp155.2.55.1
- (no CPE)range: < 119.0.6045.123-bp155.2.55.1
- (no CPE)range: < 119.0.6045.123-1.1
- (no CPE)range: < 0.20231023-bp155.5.3.1
- (no CPE)range: < 0.20231023-bp155.5.3.1
- (no CPE)range: < 119.0.6045.123-bp155.2.55.1
- (no CPE)range: < 119.0.6045.123-bp155.2.55.1
- (no CPE)range: < 0.20231023-bp155.5.3.1
- (no CPE)range: < 0.20231023-bp155.5.3.1
Google/Chromev5
Range: 119.0.6045.105

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

Top 10 web hacking techniques of 2024: nominations open
PortSwigger Research · Jan 8, 2025

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000