Selenium: Security Vulnerabilities
NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-10-15
A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page.
CVSS Score: 6.1
EPSS Score: 0.001
Published: 2023-07-05
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
CVSS Score: 8.8
EPSS Score: 0.704
Published: 2022-04-19
Selenium Grid (formerly Selenium Standalone Server), fixed in 4.0.0-alpha-7, is affected by DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: triggered by browsing to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-04-15


Shodan ® - All rights reserved