CVE-2023-5052

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

ulnerability in Uniform Server Zero, version 10.2.5, consisting of an XSS through the /us_extra/phpinfo.php page. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and partially take over their session details.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-uniform-server-zero
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-uniform-server-zero

Configurations

No configuration.

History

21 Nov 2024, 08:40

Type	Values Removed	Values Added
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-uniform-server-zero -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-uniform-server-zero -
Summary		(es) Vulnerabilidad en Uniform Server Zero, versión 10.2.5, consistente en un XSS a través de la página /us_extra/phpinfo.php. Esta vulnerabilidad podría permitir que un usuario remoto envíe una consulta especialmente manipulada a un usuario autenticado y se haga cargo parcialmente de los detalles de su sesión.

14 May 2024, 14:23

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 14:23

Updated : 2024-11-21 08:40

NVD link : CVE-2023-5052

Mitre link : CVE-2023-5052

CVE.ORG link : CVE-2023-5052

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.3 /10