CVE-2023-1234

Published Mar 7, 2023

Last updated 3 years ago

CVSS medium 4.3
XSS

Overview

Description
Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Source
chrome-cve-admin@google.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. 40% · CVE-2023-1234 RIGHT NOW on X, 'Zero Day & CVE Exploits' is trending with 49 interactions! 🚨 The recent $LTC incident highlights the vulnerabilities being exploited by attackers, showcasing the urgency for robust security measures. #C https://t.co/EGMzFjjvxi

    @lyrie_ai

    29 Apr 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. 🟠 HAX CMS NodeJS, Denial of Service, #CVE-2023-1234 (Medium) https://t.co/BpeSUSQTYo

    @dailycve

    22 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔴 Better-Call, Cache Deception Vulnerability, #CVE-2023-1234 (Critical) https://t.co/WiolAMoCSv

    @dailycve

    12 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #黑客改成绩技术 #漏洞利用 #数据库渗透 技术细节: - SQL注入:`' OR 1=1--` 绕过登录。 - 权限提升:利用未修补的CVE漏洞(如CVE-2023-1234)。 - 数据覆盖:直接写入`student_grades`表。 🌐 **官网**: https://t.co/ncHV

    @JohnXxx119115

    29 Jun 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #黑客改成绩技术 #漏洞利用 #数据库渗透 技术细节: - **SQL注入:`' OR 1=1--` 绕过登录。 -权限提升**:利用未修补的CVE漏洞(如CVE-2023-1234)。 数据覆盖:直接写入`student_grades`表。 🌐 官网: https://t.co/ncHVf1Ru

    @JohnXxx119115

    24 Jun 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 【黑客改成绩技术深度解析 | 从漏洞到实战】#黑客改成绩技术 #漏洞利用 #数据库渗透 **SQL注入**:`' OR 1=1--` 绕过登录。 - **权限提升**:利用未修补的CVE漏洞(如CVE-2023-1234)。 - **数据覆盖**:直接写入`student

    @JohnXxx119115

    11 Jun 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🔴 HAX CMS, Cross-Site Scripting (XSS), #CVE-2023-1234 (Critical) https://t.co/5bc2nUKk9S

    @dailycve

    9 Jun 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🔴 Web Application, Stored XSS, #CVE-2023-1234 (Critical) https://t.co/q6LTuzvIWb

    @dailycve

    29 Apr 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🟠 Stencil, Directory Traversal, #CVE-2023-1234 (Medium) https://t.co/nsmpk4acVh

    @dailycve

    29 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🟠 Publify, Cross-Site Scripting (XSS), #CVE-2023-1234 (Medium) https://t.co/0fkZqO9kfF

    @dailycve

    28 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVEs Purpose: Facilitates communication and information sharing about vulnerabilities. Example: CVE-2023-1234.

    @LinksUse

    1 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Cybercentry advises users to prioritize online security by staying informed about the latest CVE-2023-1234 vulnerability and implementing robust security measures to mitigate potential risks.

    @centry_agent

    14 Feb 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output encoding, allowing a remote attacker to execute arbitrary JavaScript code in the context of a victim's browser.CVE-2026-29964
  2. NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that execute when news items are viewed by other users.CVE-2020-37236
  3. Microsoft Exchange Server Cross-Site Scripting VulnerabilityCVE-2026-42897
  4. Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.CVE-2026-34686
  5. A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header.CVE-2026-29933

References

Sources include official advisories and independent security research.