MEDIUM🇬🇧 English

CVE-2023-50069

CVSS 6.1v3.1pub. 2023-12-29upd. 2024-11-21

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Wiremock

    APP
    Wiremock
    3.0.4 – 3.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2018-9116CRITICAL9.1ten sam produkt

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local fi...

CVE-2023-41327MEDIUM4.6ten sam produkt

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefor...

CVE-2018-9117MEDIUM5.3ten sam produkt

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local ...

CVE-2023-41329LOW3.9ten sam produkt

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network rest...

CVE-2023-39967CRITICAL10.0ten sam vendor

WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in Wir...