A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127.
References
Link | Resource |
---|---|
https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.246127 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.246127 | Third Party Advisory |
https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.246127 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.246127 | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 3.5 |
References | () https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.246127 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.246127 - Third Party Advisory |
30 Nov 2023, 05:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | () https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?id.246127 - Third Party Advisory | |
References | () https://vuldb.com/?ctiid.246127 - Permissions Required, Third Party Advisory | |
First Time |
Mayurik
Mayurik best Courier Management System |
|
CPE | cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:* |
27 Nov 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-27 00:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6301
Mitre link : CVE-2023-6301
CVE.ORG link : CVE-2023-6301
JSON object : View
Products Affected
mayurik
- best_courier_management_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')