PT-2023-36073 · Selenium · Selenium Grid

Published 2023-07-05 · Updated 2023-07-05

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Selenium Grid version 3.141.59

Description

A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the "/grid/console" API endpoint.

Recommendations

For Selenium Grid version 3.141.59, consider disabling access to the "/grid/console" page until a patch is available. Restrict the use of the hub parameter to minimize the risk of exploitation.
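While access to "/grid/console" is being restricted, existing access logs can be reviewed for requests that already carried markup in the hub parameter. The following is an added example, not code from this advisory or from the Selenium project; it assumes the parameter travels in the URL query string and that a proxy in front of the hub writes combined-format access logs.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters a value needs to introduce markup or break out of an attribute.
MARKUP_RE = re.compile(r"[<>\"']")

def suspicious_hub_values(log_line):
    """Return decoded `hub` values on /grid/console requests that contain markup characters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if target.path.rstrip("/") != "/grid/console":
        return []
    hits = []
    # parse_qs percent-decodes once; the extra unquote catches double-encoded values.
    for value in parse_qs(target.query, keep_blank_values=True).get("hub", []):
        decoded = unquote(value)
        if MARKUP_RE.search(decoded):
            hits.append(decoded)
    return hits

def scan(lines):
    """Return (line_number, values) for every log line with a suspicious hub value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_hub_values(line)
        if values:
            findings.append((number, values))
    return findings

# Constructed sample log lines (not taken from a real system); markup is benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Jul/2023:10:00:01 +0000] "GET /grid/console HTTP/1.1" 200 5120',
    '10.0.0.7 - - [05/Jul/2023:10:00:09 +0000] "GET /grid/console?hub=%3Cb%3Econstructed%3C%2Fb%3E HTTP/1.1" 200 5231',
    '10.0.0.7 - - [05/Jul/2023:10:00:12 +0000] "GET /grid/console?hub=%253Cb%253E HTTP/1.1" 200 5200',
    '10.0.0.9 - - [05/Jul/2023:10:01:30 +0000] "GET /grid/console?hub=http://hub.example:4444 HTTP/1.1" 200 5100',
    '10.0.0.9 - - [05/Jul/2023:10:01:41 +0000] "GET /wd/hub/status?hub=%3Cb%3E HTTP/1.1" 200 80',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: hub={values}")
```

A hit shows only that markup was sent to the endpoint, so each flagged request still needs review against who opened the resulting page.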

Related Identifiers

PYSEC-2023-101

Affected Products

Selenium Grid