Home > Vulnerability Database > CVE-2023-50069

Mend.io Vulnerability Database

CVE-2023-50069

Date: December 28, 2023

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.

Language: TYPE_SCRIPT

Severity Score

6.1

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-50069

Url: https://github.com/holomekc/wiremock/issues/51

Url: https://www.mend.io/vulnerability-database/CVE-2023-50069

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-50069

Date: December 28, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?