Lucene search
+L

33 matches found

CVE
CVE
added 2023/07/05 12:0 a.m.44 views

CVE-2020-23452

CVE-2020-23452 affects Selenium Grid v3.141.59. The XSS vulnerability occurs in the hub parameter on the /grid/console page, allowing injection of arbitrary scripts/HTML. Documented impact is privacy/Integrity concerns with low to moderate severity (CVSS v3.1 base 6.1). No patch or remediation de...

6.1CVSS5.8AI score0.00406EPSS
Exploits1References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2022/06/07 12:0 a.m.35 views

Selenium Grid Cross-Site Request Forgery (CVE-2022-28108)

A cross-site request forgery vulnerability exists in Selenium Grid. Successful exploitation of this vulnerability could result in code execution on the affected system...

9.3CVSS2.7AI score0.11675EPSS
Exploits6
OSV
OSV
added 2022/05/24 5:19 p.m.9 views

GHSA-RP4X-XPGF-4XV7 Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection

Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints. This allows attackers to perform the following actions: - Restart the Selenium Grid hub. - Delete or replace the plugin configuration. - Start, stop, or restart Selenium configurations on specific nodes. Through...

7.1CVSS8.1AI score0.00937EPSS
Exploits0References5
CNVD
CNVD
added 2022/04/21 12:0 a.m.24 views

Selenium Server Cross-Site Request Forgery Vulnerability

Selenium Grid is an intelligent proxy server for the Selenium community. It can easily run tests in parallel on multiple machines.A cross-site request spoofing vulnerability exists in versions prior to Selenium Server 4, which can be exploited by attackers to spoof malicious requests to trick...

9.3CVSS3.9AI score0.11675EPSS
Exploits6References1
vulnersOsv
vulnersOsv
added 2022/04/20 12:0 a.m.9 views

org.seleniumhq.selenium:selenium-session-map-redis (>=4.0.0-alpha-5 <=4.0.0-alpha-6) potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-grid (>=4.0.0-alpha-5 <=4.0.0-alpha-6)

org.seleniumhq.selenium:selenium-grid MAVEN version =4.0.0-alpha-5, =4.0.0-alpha-5, =4.0.0-alpha-6 Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...

9.3CVSS7.2AI score0.11675EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2022/04/18 7:55 p.m.54 views

CVE-2022-28109

A flaw was found in the WebDriver endpoint of Selenium Grid suite. A malicious web server can be reached via Cross-Site Request Forgery CSRF and DNS-rebinding attacks. This issue could allow an attacker to execute arbitrary code on the machine...

8.8CVSS5.2AI score0.01044EPSS
Exploits1References3
NVD
NVD
added 2022/04/15 4:15 p.m.20 views

CVE-2022-28109

Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...

8.8CVSS0.01044EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/04/15 4:15 p.m.3 views

CVE-2022-28109

Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...

8.8CVSS6.2AI score0.01044EPSS
Exploits1References4
Prion
Prion
added 2022/04/15 4:15 p.m.19 views

Code injection

Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...

6.8CVSS8.9AI score0.01044EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/04/15 3:50 p.m.24 views

CVE-2022-28109

Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...

9.1AI score0.01044EPSS
Exploits1References3
CVE
CVE
added 2022/04/15 3:50 p.m.74 views

CVE-2022-28109

Selenium Grid/WebDriver endpoint (Selenium Standalone Server) is affected by a DNS rebinding vulnerability that could allow remote arbitrary code execution. The issue occurs because visiting a malicious remote web server can trigger the vulnerability. A fix exists in 4.0.0-alpha-7; upgrading to t...

8.8CVSS8.9AI score0.01044EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/04/15 3:50 p.m.12 views

CVE-2022-28109

Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...

8.8CVSS7.8AI score0.01044EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.4 views

Selenium Grid 跨站请求伪造漏洞

Selenium Grid is a smart proxy server for the Selenium community. It is easy to run tests in parallel on multiple machines. A security vulnerability exists in Selenium Grid that stems from a problematic component Selenium Grid/Selenium Standalone Server DNS rebinding. An attacker can exploit this...

8.8CVSS8.4AI score0.01044EPSS
Exploits1References5
Rows per page
Query Builder