7 matches found
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
Exploit for Cross-Site Request Forgery (CSRF) in Selenium Selenium_Grid
Selenium Chrome RCE Exploit Extended This repository conta...
Selenium chrome RCE
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. Module Options msf use exploit/linux/http/seleniumgreedchromercecve202228108 msf exploitseleniumgreedchromercecve20222810...
au.net.causal.maven.plugins:browserbox-fixed-edge-driver (=1.0), au.net.causal.maven.plugins:browserbox-maven-plugin (=1.0) +580 more potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-server (>=2.0a2 <=4.0.0-alpha-2)
org.seleniumhq.selenium:selenium-server MAVEN version =2.0a2, =0.9.6, =0.9.6, =1.0.1, =0.2.0, =4.4-23, =1.0.2, =1.0.0, =1.1.1, =2.3.5 and more Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...
org.seleniumhq.selenium:selenium-session-map-redis (>=4.0.0-alpha-5 <=4.0.0-alpha-6) potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-grid (>=4.0.0-alpha-5 <=4.0.0-alpha-6)
org.seleniumhq.selenium:selenium-grid MAVEN version =4.0.0-alpha-5, =4.0.0-alpha-5, =4.0.0-alpha-6 Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...
CVE-2022-28108
creationtimestamp| type| source ---|---|--- 2022-04-19 07:23:25+00:00| seen| https://t.me/cibsecurity/41084 2025-01-07 10:17:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/seleniumgreedchromercecve202228108.rb 2025-01-08 12:52:55+00:00| seen...
CVE-2022-28108
CVE-2022-28108: Selenium Server (Grid) CSRF in versions before 4.0.0-alpha-7 arises because the server accepts non-JSON content types (e.g., text/plain, application/x-www-form-urlencoded, multipart/form-data) for requests. The vulnerability can be triggered via crafted requests (e.g., to /wd/hub/...