WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NWiremock
APPWiremock3.0.4 – 3.2.0
Powiązane podatności
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local fi...
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefor...
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local ...
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network rest...
WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in Wir...