Skip to main content

Selenium Grid

2 CVEs product

Monthly

CVE-2022-28108 LIB HIGH POC PATCH THREAT This Week

Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Selenium Grid
NVD
CVSS 3.1
8.8
EPSS
11.7%
CVE-2022-28109 HIGH POC This Week

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Selenium Grid
NVD
CVSS 3.1
8.8
EPSS
1.0%
EPSS 12% CVSS 8.8
HIGH POC PATCH THREAT This Week

Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Selenium Grid
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Selenium Grid
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy