Cross Site Scripting (XSS) in Uniform Server Zero

Posted date 08/05/2024
Identifier
INCIBE-2024-0233
Importance
3 - Medium
Affected Resources

Uniform Server Zero, version 10.2.5.

Description

INCIBE has coordinated the publication of one medium-severity vulnerability affecting Uniform Server Zero, version 10.2.5, a lightweight WAMP server solution for Windows. The vulnerability was discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2023-5052: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79.
Solution

Vulnerability fixed in the latest version.

Detail

CVE-2023-5052: vulnerability in Uniform Server Zero, version 10.2.5, consisting of an XSS through the /us_extra/phpinfo.php page. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and partially take over their session details.
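
A log check that can be run while the upgrade is rolled out, given here as an added example that is not part of the INCIBE advisory or the Uniform Server project: it flags access-log requests to /us_extra/phpinfo.php whose decoded query string contains markup characters. The Apache log format, the sample lines and the parameter names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Path named in the advisory; everything else here is an assumption of this example.
VULN_PATH = "/us_extra/phpinfo.php"
# Request line inside an Apache common/combined log entry: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup metacharacters that a query string sent to a phpinfo page should not carry.
MARKUP_RE = re.compile(r"[<>\"']")

def decode_fully(value, max_rounds=3):
    """Undo up to max_rounds layers of URL encoding (catches double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_query) for hits on VULN_PATH carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        # Windows file systems are case-insensitive, so compare the path in lower case.
        if decode_fully(parts.path).lower() != VULN_PATH:
            continue
        query = decode_fully(parts.query)
        if MARKUP_RE.search(query):
            hits.append((number, query))
    return hits

# Constructed sample log lines (documentation addresses, made-up parameter name).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/May/2024:10:00:01 +0200] "GET /us_extra/phpinfo.php HTTP/1.1" 200 90211',
    '192.0.2.44 - - [08/May/2024:10:02:13 +0200] "GET /us_extra/phpinfo.php?q=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 90350',
    '192.0.2.44 - - [08/May/2024:10:02:40 +0200] "GET /us_extra/phpinfo.php?q=%253Cb%253E HTTP/1.1" 200 90344',
    '192.0.2.10 - - [08/May/2024:10:05:00 +0200] "GET /index.php?page=%3Cb%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, query in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```

A hit only shows that markup was sent to the page, not that a session was affected; plain requests to the page without a query string are not flagged.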