{"id":"CVE-2023-52263","details":"Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.","modified":"2026-04-12T08:24:39.196400Z","published":"2023-12-30T19:15:08.253Z","references":[{"type":"FIX","url":"https://github.com/brave/brave-browser/issues/32449"},{"type":"FIX","url":"https://github.com/brave/brave-browser/issues/32473"},{"type":"FIX","url":"https://github.com/brave/brave-core/pull/19820"},{"type":"FIX","url":"https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/brave/brave-browser","events":[{"introduced":"0"},{"fixed":"9cf8d30112c220f0331a4bf9574260ebc676deb3"}],"database_specific":{"cpe":"cpe:2.3:a:brave:browser:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"1.59.40"}]}}],"versions":["dev-latest","v0.50.13","v0.50.14","v0.54.0","v0.54.1","v0.54.2","v0.54.3","v0.54.4","v0.55.1","v0.55.2","v0.55.3","v0.55.4","v0.55.5","v1.39.65","v1.5.100b","v1.5.58b","v1.5.59b","v1.5.89b","v1.5.90b","v1.5.97b"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52263.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}