Cross Site Scripting (XSS) in Uniform Server Zero

Posted date 08/05/2024

Importance

3 - Medium

Affected Resources

Uniform Server Zero, 10.2.5 version.

Description

INCIBE has coordinated the publication of 1 medium severity vulnerability affecting Uniform Server Zero, version 10.2.5, a lightweight WAMP server solution for Windows, which has been discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

CVE-2023-5052: 6.3 | CVSS:3.1/ AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79.

Solution

Vulnerability fixed in the latest version.

Detail

CVE-2023-5052: vulnerability in Uniform Server Zero, version 10.2.5, consisting of an XSS through the /us_extra/phpinfo.php page. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and partially take over their session details.

References list

A free lightweight portable WAMP server solution

Etiquetas

0day
Update
CNA
Vulnerability
Windows