PT-2023-31465 · Wiremock · Wiremock

Adam-Greer · Published 2023-12-29 · Updated 2026-04-13 · CVE-2023-50069

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

WireMock with GUI versions 3.0.4.0 through 3.2.0.0

Description

The issue concerns stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file. The result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.

Recommendations

For WireMock with GUI versions 3.0.4.0 through 3.2.0.0, consider disabling the recording feature until a patch is available to prevent exploitation. Restrict access to the Matched page in the Body area to minimize the risk of payload execution. Avoid using the recording feature to map to external files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
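
The description above traces the issue to response bodies that are stored and later rendered without sanitization. As an added example (not WireMock's or this advisory's own code), the Node.js script below audits stub mappings, in the JSON shape served by the admin API at /__admin/mappings, for bodies containing active markup, and shows the escaping a viewer needs before rendering a body. The pattern list, function names and sample stubs are constructed assumptions.

```javascript
// Heuristic markers of active HTML content (assumed list, not exhaustive).
const ACTIVE_MARKUP = [
  { name: "script-tag", re: /<\s*script\b/i },
  { name: "event-handler", re: /\son[a-z]+\s*=/i },
  { name: "javascript-url", re: /javascript\s*:/i },
  { name: "embedded-frame", re: /<\s*(iframe|object|embed)\b/i },
];

// Return the stub's inline response body as text. WireMock stores it either
// in `body` (string) or `base64Body`; jsonBody/bodyFileName are not inspected.
function responseBodyText(response) {
  if (typeof response.body === "string") return response.body;
  if (typeof response.base64Body === "string") {
    return Buffer.from(response.base64Body, "base64").toString("utf8");
  }
  return "";
}

// Walk a { mappings: [...] } document and report stubs whose body has active markup.
function auditMappings(doc) {
  const findings = [];
  for (const stub of doc.mappings || []) {
    const text = responseBodyText(stub.response || {});
    const hits = ACTIVE_MARKUP.filter((m) => m.re.test(text)).map((m) => m.name);
    if (hits.length > 0) {
      findings.push({ id: stub.id, url: (stub.request || {}).url, hits });
    }
  }
  return findings;
}

// What a viewer must do before placing a body into the page: render it as text.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample stubs (not taken from the advisory).
const SAMPLE = { mappings: [
  { id: "stub-1", request: { url: "/health" }, response: { status: 200, body: '{"status":"ok"}' } },
  { id: "stub-2", request: { url: "/recorded" },
    response: { status: 200, body: "<p>hi</p><script>alert(1)</script>" } },
  { id: "stub-3", request: { url: "/encoded" }, response: { status: 200,
    base64Body: Buffer.from('<img src=x onerror="alert(1)">').toString("base64") } },
] };

console.log(JSON.stringify(auditMappings(SAMPLE), null, 2));
```

A flagged stub is a candidate for review or removal, not proof of compromise: legitimately recorded HTML pages will also match these patterns.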

Exploit

XSS

Weakness Enumeration

Related Identifiers

BIT-WIREMOCK-2023-50069
CVE-2023-50069

Affected Products

Wiremock