CVE-2020-23452: 
Python vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Selenium Grid version 3.141.59. The vulnerability exists in the /grid/console page where unvalidated user input from node's configuration is displayed back to users via the hub parameter (NVD, GitHub Issue).

The vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page. The issue stems from improper validation of node configuration input that is later displayed in the web interface. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

When successfully exploited, this vulnerability allows attackers to inject and execute malicious JavaScript code in users' browsers when they access the Selenium Grid console page. This could lead to theft of sensitive information, session hijacking, or other client-side attacks in the context of the vulnerable web application (GitHub Issue).

The proper mitigation is to ensure that the contents of the configuration file are properly encoded before being displayed to users in the web interface. Users should upgrade to a patched version of Selenium Grid that implements proper input validation and output encoding (GitHub Issue).