iamola / uniserver

The Uniform Server Git Repo

XSS /us_extra/phpinfo.php page #15

Closed ASkaterInTheCity closed 9 months ago

ASkaterInTheCity commented 10 months ago

Good morning,

A vulnerability has been discovered in Uniform Server Zero version 10.2.5 that consists of an XSS via the /us_extra/phpinfo.php page. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.

PoC: /us_extra/phpinfo.php/%f6%22%20onmouseover%3dalert(9566)%20//

CVE-2023-5052 is being assigned.

The Spanish CNA has attempted to contact you, but it has not been possible.
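For operators who want to find attempts against this page in their Apache access logs, here is an added detection example; it is not code from the reporter or from the Uniform Server project. The log lines are constructed; the path /us_extra/phpinfo.php and the PoC string come from the report above, and the suffix check treats any extra path info carrying quotes, angle brackets or an on*= event handler as suspicious.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format (not from the report).
SAMPLE_LOG = """\
127.0.0.1 - - [10/Oct/2023:09:12:01 +0200] "GET /us_extra/phpinfo.php HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
127.0.0.1 - - [10/Oct/2023:09:12:07 +0200] "GET /us_extra/phpinfo.php/%f6%22%20onmouseover%3dalert(9566)%20// HTTP/1.1" 200 51310 "-" "Mozilla/5.0"
127.0.0.1 - - [10/Oct/2023:09:13:30 +0200] "GET /us_extra/info.php HTTP/1.1" 404 312 "-" "curl/8.1"
"""

PHPINFO_PATH = "/us_extra/phpinfo.php"   # page named in the report
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
EVENT_HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)


def extra_path_info(target):
    """Return the PATH_INFO suffix appended after phpinfo.php, or None if another page."""
    path = target.split("?", 1)[0]          # ignore the query string
    if not path.startswith(PHPINFO_PATH):
        return None
    return path[len(PHPINFO_PATH):]


def classify(target):
    """'clean', 'path_info', 'suspicious', or None when the request is not for phpinfo.php."""
    info = extra_path_info(target)
    if info is None:
        return None
    if info in ("", "/"):
        return "clean"
    # Decode once: the PoC relies on %22 -> " and %3d -> = being reflected into HTML.
    decoded = unquote(info)
    if any(c in decoded for c in "\"'<>") or EVENT_HANDLER_RE.search(decoded):
        return "suspicious"
    return "path_info"                       # unexpected suffix, but no markup


def scan_log(text):
    """Return the request targets in a log that look like XSS attempts on phpinfo.php."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if m and classify(m.group("target")) == "suspicious":
            hits.append(m.group("target"))
    return hits


if __name__ == "__main__":
    for target in scan_log(SAMPLE_LOG):
        print("suspicious request:", target)
```

Detection is a stopgap: a phpinfo page also discloses configuration and should be removed or access-restricted on any host that is reachable by other users.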

s-bourdon commented 9 months ago

Fixed in latest release.