📄 Selenium Server (Grid) 4.27.0 Code Injection

Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands. ============================================================================================================================================= | Title...

The vulnerability of the Selenium Server’s distributed test execution tool, related to the manipulation of cross-site requests, allows a attacker to perform a CSRF attack.

The vulnerability of the Selenium Server Grid distributed testing tool is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

GHSA-H2RR-M97P-6JQ9 Selenium Server (Grid) CSRF

Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...

CVE-2022-28108

Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...

PYSEC-2022-43167

Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...