3 matches found
CVE-2022-28108
CVE-2022-28108: Selenium Server (Grid) CSRF in versions before 4.0.0-alpha-7 arises because the server accepts non-JSON content types (e.g., text/plain, application/x-www-form-urlencoded, multipart/form-data) for requests. The vulnerability can be triggered via crafted requests (e.g., to /wd/hub/...
CVE-2022-28109
The Selenium Grid/WebDriver endpoint (Selenium Standalone Server) is affected by a DNS rebinding vulnerability that could allow remote arbitrary code execution. Visiting a malicious remote web server can trigger the vulnerability. A fix exists in 4.0.0-alpha-7; upgrading to t...
CVE-2020-23452
CVE-2020-23452 affects Selenium Grid v3.141.59. The XSS vulnerability occurs in the hub parameter on the /grid/console page, allowing injection of arbitrary scripts/HTML. The documented impact is privacy/integrity concerns, with low to moderate severity (CVSS v3.1 base 6.1). No patch or remediation de...