CVE-2023-5052

Name of the Vulnerable Software and Affected Versions Uniform Server Zero version 10.2.5

Description The issue is related to a Cross-Site Scripting (XSS) vulnerability, which occurs through the /us extra/phpinfo.php page. This could allow a remote user to send a specially crafted query to an authenticated user, potentially taking over their session details partially.

Recommendations For Uniform Server Zero version 10.2.5, consider disabling access to the /us extra/phpinfo.php page as a temporary workaround until a patch is available. Restricting access to this page can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.