Remote Code Execution (RCE) Vulnerability in HtmlUnit via XSTL

Remote Code Execution (RCE) Vulnerability in HtmlUnit via XSTL

CVE-2023-49093 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

Learn more about our Web App Pen Testing.