Selenium Selenium Grid — known CVE vulnerabilities
Every CVE whose affected-product data names Selenium Selenium Grid, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-28108 — CVSS 8.8 (high): Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded…
CVE-2022-28109 — CVSS 8.8 (high): Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute…
CVE-2020-23452 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a…