CVE-2023-6300

Опубликовано: 27 нояб. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.246126
Permissions Required
Third Party Advisory
https://vuldb.com/?id.246126
Third Party Advisory
https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.246126
Permissions Required
Third Party Advisory
https://vuldb.com/?id.246126
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00173

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-c3cx-3cr3-3gfg

CVSS3: 3.5

github

около 2 лет назад

A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability.

EPSS

Процентиль: 39%

0.00173

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79