CVE-2023-50069
Last modified
CVE-2023-50069 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wiremock | Wiremock | >= 3.0.4, <= 3.2.0 |
References
- https://github.com/holomekc/wiremock/issues/51Exploit, Issue Tracking, Vendor Advisory
- https://github.com/holomekc/wiremock/issues/51Exploit, Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-50069?
How severe is CVE-2023-50069?
How do I fix CVE-2023-50069?
Are you affected by CVE-2023-50069?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST