Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2025/05/22 10:41 p.m.10 views

CVE-2022-28108

Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...

9.3CVSS6.8AI score0.11675EPSS
Exploits6References1
githubexploit
githubexploit
added 2025/01/09 10:28 p.m.292 views

Exploit for Cross-Site Request Forgery (CSRF) in Selenium Selenium_Grid

Selenium Chrome RCE Exploit Extended This repository conta...

9.3CVSS9.6AI score0.11675EPSS
Exploits6
metasploit
metasploit
added 2025/01/07 6:58 p.m.480 views

Selenium chrome RCE

Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. Module Options msf use exploit/linux/http/seleniumgreedchromercecve202228108 msf exploitseleniumgreedchromercecve20222810...

9.3CVSS7.3AI score0.11675EPSS
Exploits6
vulnersosv
vulnersosv
added 2022/04/20 12:0 a.m.4 views

au.net.causal.maven.plugins:browserbox-fixed-edge-driver (=1.0), au.net.causal.maven.plugins:browserbox-maven-plugin (=1.0) +580 more potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-server (>=2.0a2 <=4.0.0-alpha-2)

org.seleniumhq.selenium:selenium-server MAVEN version =2.0a2, =0.9.6, =0.9.6, =1.0.1, =0.2.0, =4.4-23, =1.0.2, =1.0.0, =1.1.1, =2.3.5 and more Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...

9.3CVSS7.2AI score0.11675EPSS
Exploits6
vulnersosv
vulnersosv
added 2022/04/20 12:0 a.m.9 views

org.seleniumhq.selenium:selenium-session-map-redis (>=4.0.0-alpha-5 <=4.0.0-alpha-6) potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-grid (>=4.0.0-alpha-5 <=4.0.0-alpha-6)

org.seleniumhq.selenium:selenium-grid MAVEN version =4.0.0-alpha-5, =4.0.0-alpha-5, =4.0.0-alpha-6 Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...

9.3CVSS7.2AI score0.11675EPSS
Exploits6
circl
circl
added 2022/04/19 7:23 a.m.10 views

CVE-2022-28108

creationtimestamp| type| source ---|---|--- 2022-04-19 07:23:25+00:00| seen| https://t.me/cibsecurity/41084 2025-01-07 10:17:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/seleniumgreedchromercecve202228108.rb 2025-01-08 12:52:55+00:00| seen...

9.3CVSS8AI score0.11675EPSS
Exploits6References5
cve
cve
added 2022/04/19 2:55 a.m.134 views

CVE-2022-28108

CVE-2022-28108: Selenium Server (Grid) CSRF in versions before 4.0.0-alpha-7 arises because the server accepts non-JSON content types (e.g., text/plain, application/x-www-form-urlencoded, multipart/form-data) for requests. The vulnerability can be triggered via crafted requests (e.g., to /wd/hub/...

9.3CVSS8.7AI score0.11675EPSS
Exploits6References3Affected Software1
Rows per page
Query Builder