WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/holomekc/wiremock/issues/51 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-12-29T00:00:00
Updated: 2024-08-02T22:09:49.603Z
Reserved: 2023-12-04T00:00:00
Link: CVE-2023-50069
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-29T21:15:08.713
Modified: 2024-11-21T08:36:30.267
Link: CVE-2023-50069
Redhat
No data.