Cross Site Scripting (XSS) in Uniform Server Zero

Posted date 08/05/2024
3 - Medium
Affected Resources

Uniform Server Zero, version 10.2.5.


INCIBE has coordinated the publication of one medium-severity vulnerability, discovered by Rafael Pedrero, affecting Uniform Server Zero version 10.2.5, a lightweight WAMP server solution for Windows.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2023-5052: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79.

Vulnerability fixed in the latest version.


CVE-2023-5052: Uniform Server Zero, version 10.2.5, is vulnerable to XSS through the /us_extra/phpinfo.php page. A remote user could send a specially crafted query to an authenticated user and partially take over their session details.
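
Because the crafted query has to reach /us_extra/phpinfo.php on the server, it leaves a line in the web server's access log. The following log check is an added example, not part of the advisory or of Uniform Server; it assumes Apache common/combined log format, and the sample lines, the parameter name `a` and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

TARGET_PATH = "/us_extra/phpinfo.php"  # page named in the advisory
# Apache common/combined log line: host ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} ')
# Assumption: a benign phpinfo request never needs markup characters in its query.
MARKUP_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client, timestamp, decoded_query) for flagged requests to TARGET_PATH."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, ts, target = m.groups()
        parts = urlsplit(target)
        # Windows paths are case-insensitive, so compare the decoded path in lower case.
        if fully_decode(parts.path).lower() != TARGET_PATH:
            continue
        query = fully_decode(parts.query)
        if MARKUP_RE.search(query):
            hits.append((client, ts, query))
    return hits

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/May/2024:10:00:01 +0200] "GET /us_extra/phpinfo.php HTTP/1.1" 200 81234',
    '192.0.2.11 - - [08/May/2024:10:02:17 +0200] "GET /us_extra/phpinfo.php?a=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 81300',
    '192.0.2.12 - - [08/May/2024:10:03:40 +0200] "GET /US_EXTRA/PHPINFO.PHP?a=%253Cb%253E HTTP/1.1" 200 81290',
    '192.0.2.13 - - [08/May/2024:10:05:02 +0200] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, ts, query in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {client} {TARGET_PATH}?{query}")
```

Since the vector requires user interaction (UI:R), the client address on a flagged line is normally the user who followed the link, which makes it a starting point for checking that user's session.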