Skip to main content

Htmlunit

6 CVEs product

Monthly

CVE-2023-49093 Maven HIGH POC PATCH This Week

HtmlUnit is a GUI-less browser for Java programs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Htmlunit
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-2798 Maven HIGH PATCH This Week

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Htmlunit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26119 Maven CRITICAL POC PATCH Act Now

Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Htmlunit
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-29546 Maven HIGH PATCH This Week

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Htmlunit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-28366 Maven HIGH PATCH This Week

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cyberneko Html Htmlunit Antisamy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-5529 Maven HIGH PATCH This Week

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE Htmlunit Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
4.7%
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

HtmlUnit is a GUI-less browser for Java programs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Htmlunit
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Htmlunit
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Htmlunit
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cyberneko Html Htmlunit +1
NVD GitHub
EPSS 5% CVSS 8.1
HIGH PATCH This Week

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE +4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy