CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
3b-bot (>=1.0.0b0 <=1.0.0b3), 8a-scraper (>=0.0.2 <=0.0.4) +461 more potentially affected by CVE-2022-28108 via selenium (>=2.42.1 <=3.9.0)
selenium PYPI version =2.42.1, =1.0.0b0, =0.0.2, =0.0.5, =1.0.2, =1.0.6, =0.1.7, =0.1.0, =0.0.1, =2.0.0, =0.4.0, =0.2.0, =0.0.1, =0.0.3 and more Source cves: CVE-2022-28108 Source advisory: OSV:PYSEC-2022-43167...
Cross site request forgery (csrf)
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
PYSEC-2022-43167
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
CVE-2022-28108: Selenium Server (Grid) CSRF in versions before 4.0.0-alpha-7 arises because the server accepts non-JSON content types (e.g., text/plain, application/x-www-form-urlencoded, multipart/form-data) for requests. The vulnerability can be triggered via crafted requests (e.g., to /wd/hub/...
Selenium Server cross-site request forgery vulnerability
Selenium Grid is an intelligent proxy server for the Selenium community. It can easily run tests in parallel on multiple machines. A cross-site request spoofing vulnerability exists in versions prior to Selenium Server 4, which can be exploited by attackers to spoof malicious requests to trick...
CVE-2022-28109
A flaw was found in the WebDriver endpoint of Selenium Grid suite. A malicious web server can be reached via Cross-Site Request Forgery CSRF and DNS-rebinding attacks. This issue could allow an attacker to execute arbitrary code on the machine...
CVE-2022-28109
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to a...
Code injection
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to a...
CVE-2022-28109
Selenium Grid/WebDriver endpoint (Selenium Standalone Server) is affected by a DNS rebinding vulnerability that could allow remote arbitrary code execution. The issue occurs because visiting a malicious remote web server can trigger the vulnerability. A fix exists in 4.0.0-alpha-7; upgrading to t...
Selenium Grid cross-site request forgery vulnerability
Selenium Grid is a smart proxy server for the Selenium community. It is easy to run tests in parallel on multiple machines. A security vulnerability exists in Selenium Grid that stems from a problematic component Selenium Grid/Selenium Standalone Server DNS rebinding. An attacker can exploit this...
EvilSelenium - A Tool That Weaponizes Selenium To Attack Chromium Based Browsers
EvilSelenium is a new project that weaponizes Selenium to abuse Chromium-based browsers. The current features right now are: Steal stored credentials via autofill; Steal cookies; Take screenshots of websites; Dump Gmail/O365 emails; Dump WhatsApp messages; Download & exfiltrate files; Add SSH keys to...
HybridTestFramework - End To End Testing Of Web, API And Security
Full-fledged Web, API and Security testing framework using Selenium, OWASP ZAP proxy and REST Assured. Supported Platforms: This framework supports web UI automation across a variety of browsers like Chrome, Firefox, IE, and is not limited to this but extended to test REST API, security and visual...