Lucene search
+L

77 matches found

nvd
nvd
added 2023/12/29 9:15 p.m.17 views

CVE-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

6.1CVSS0.00442EPSS
Exploits1References1
prion
prion
added 2023/12/29 9:15 p.m.14 views

Cross site scripting

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

5.8CVSS6.3AI score0.00442EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2023/12/29 12:0 a.m.5 views

PT-2023-31465

Name of the Vulnerable Software and Affected Versions WireMock with GUI versions 3.0.4.0 through 3.2.0.0 Description The issue concerns stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's...

6.1CVSS6.4AI score0.00442EPSS
Exploits1References9
cve
cve
added 2023/12/29 12:0 a.m.51 views

CVE-2023-50069

CVE-2023-50069 affects WireMock with GUI versions 3.0.4.0–3.2.0.0. The issue is stored cross-site scripting (SXSS) through the recording feature, allowing an attacker to host a malicious payload and have it render on the Matched page Body area due to lack of validation/sanitization of the respons...

6.1CVSS6AI score0.00442EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2023/12/29 12:0 a.m.23 views

CVE-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

6.2AI score0.00442EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/12/29 12:0 a.m.4 views

WireMock 安全漏洞

WireMock is WireMock open source a popular API simulation test open source tool . WireMock cross-site scripting vulnerability , the vulnerability stems from the logging function of the user-supplied data lack of effective filtering and escaping , an attacker can exploit the vulnerability by...

6.1CVSS6.5AI score0.00442EPSS
Exploits1References2
osv
osv
added 2023/12/29 12:0 a.m.20 views

CVE-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting SXSS through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

6.1CVSS6.4AI score0.00442EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2023/10/30 12:0 a.m.7 views

The vulnerability of the WireMock software for creating virtual HTTP services relates to bypassing authentication through spoofing, allowing attackers to circumvent established access controls.

The vulnerability of the WireMock software for creating virtual HTTP services relates to the bypassing of authentication mechanisms through spoofing techniques. Exploiting this vulnerability allows a malicious actor to circumvent established access controls...

6.8CVSS6.6AI score0.00571EPSS
Exploits0References4Affected Software4
bdu_fstec
bdu_fstec
added 2023/10/30 12:0 a.m.6 views

The vulnerability of the WireMock software for creating virtual HTTP services lies in its insufficient checking of incoming requests. This allows attackers to redirect POST requests to arbitrary servers.

The vulnerability of the WireMock software for creating virtual HTTP services is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to redirect POST requests to arbitrary servers...

5.4CVSS6AI score0.00469EPSS
Exploits0References4Affected Software1
vulnersosv
vulnersosv
added 2023/09/08 12:19 p.m.8 views

com.github.bibsysdev:nva-datamodel-testutils (>=0.20.41 <=0.20.82), com.github.bibsysdev:nvatestutils (>=1.32.0 <=1.36.15) +3 more potentially affected by CVE-2023-41329 via org.wiremock:wiremock (>=3.0.0 <=3.0.2)

org.wiremock:wiremock MAVEN version =3.0.0, =0.20.41, =1.32.0, =0.6.0, =2.4.5, =2.5.4 Source cves: CVE-2023-41329 Source advisory: OSV:GHSA-PMXQ-PJ47-J8J4...

6.6CVSS6.6AI score0.00571EPSS
Exploits0
vulnersosv
vulnersosv
added 2023/09/08 12:19 p.m.3 views

co.bitshifted.appforge:syncro (>=1.0.0 <=1.0.2), com.atlassian.oai:swagger-request-validator-examples (>=2.26.0 <=2.39.0) +172 more potentially affected by CVE-2023-41329 via com.github.tomakehurst:wiremock-jre8 (>=2.21.0 <=2.35.0)

com.github.tomakehurst:wiremock-jre8 MAVEN version =2.21.0, =1.0.0, =2.26.0, =2.26.0, =2.30.0, =0.0.5, =0.19.3, =1.25.2, =0.1.0, =1.0, =1.0, =1.5.1 and more Source cves: CVE-2023-41329 Source advisory: OSV:GHSA-PMXQ-PJ47-J8J4...

6.6CVSS6.6AI score0.00571EPSS
Exploits0
vulnersosv
vulnersosv
added 2023/09/08 12:19 p.m.8 views

ch.admin.bit.jeap:jeap-spring-boot-security-starter-it (>=17.16.0 <=17.24.1), ch.mobi.mobitor:mobitor-plugins-test (>=3.1.171 <=3.1.485) +50 more potentially affected by CVE-2023-41329 via com.github.tomakehurst:wiremock-jre8-standalone (>=2.23.2 <=2.35.0)

com.github.tomakehurst:wiremock-jre8-standalone MAVEN version =2.23.2, =17.16.0, =3.1.171, =1.0.7, =1.13.3, =1.0.0, =2.4.4, =6.7.7, =8.1.0, =6.7.7, =9.0.1, =8.5.0, =9.1.18 - de.muenchen.oss.digiwf:digiwf-coverage =1.3.0 and more Source cves: CVE-2023-41329 Source advisory: OSV:GHSA-PMXQ-PJ47-J8J4...

6.6CVSS6.6AI score0.00571EPSS
Exploits0
osv
osv
added 2023/09/08 12:19 p.m.8 views

GHSA-PMXQ-PJ47-J8J4 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes

Impact The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...

3.9CVSS6AI score0.00571EPSS
Exploits0References4
github
github
added 2023/09/08 12:19 p.m.40 views

Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes

Impact The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...

6.6CVSS6.5AI score0.00571EPSS
Exploits0References4Affected Software5
veracode
veracode
added 2023/09/08 11:53 a.m.16 views

Server Side Request Forgery (SSRF)

WireMock is vulnerable to Server Side Request Forgery SSRF. The vulnerability is caused by a failure in filtering target addresses during Webhook proxing even when the allowed address rules and denied address rules are configured, regardless of the limitProxyTargets settings. This can lead to...

5.4CVSS6.9AI score0.00469EPSS
Exploits0References7Affected Software1
nvd
nvd
added 2023/09/06 9:15 p.m.32 views

CVE-2023-41329

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

6.6CVSS5.3AI score0.00571EPSS
Exploits0References2
nvd
nvd
added 2023/09/06 9:15 p.m.68 views

CVE-2023-41327

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

5.4CVSS5.1AI score0.00469EPSS
Exploits0References3
nvd
nvd
added 2023/09/06 9:15 p.m.20 views

CVE-2023-39967

WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via...

10CVSS9.6AI score0.00829EPSS
Exploits1References1
prion
prion
added 2023/09/06 9:15 p.m.33 views

Race condition

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...

4.3CVSS6.4AI score0.00571EPSS
Exploits0References2Affected Software4
prion
prion
added 2023/09/06 9:15 p.m.17 views

Design/Logic Flaw

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

4.8CVSS5.7AI score0.00469EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder