Selenium Grid vulnerabilities
3 known vulnerabilities affecting selenium/selenium_grid.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2022-28108 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 4.0.0 | v4.0.0 | 2022-04-19
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
nvd
CVE-2022-28109 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 4.0.0 | v4.0.0 | 2022-04-15
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to a malicious remote web server. The WebDriver endpoint of
nvd
CVE-2020-23452 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v3.141.59 | 2023-07-05
A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page.
nvd