CVE-2023-6300

CWE-79 — Cross-site Scripting (XSS)CWE-78 — OS Command Injection CWE-8355 documents4 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 55.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Best Courier Management System Mayurik Best Courier Management System

Timeline

PublishedNov 27

Description

A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input alert(1) leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/best_courier_management_system1.0

▶NVDmayurik/best_courier_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-c3cx-3cr3-3gfg: A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1↗2023-11-27

▶

CVEList

SourceCodester Best Courier Management System cross site scripting↗2023-11-26

▶

📋Vendor Advisories

Cisco

Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects SNMP Denial of Service Vulnerability↗2023-08-23

▶

Cisco

Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability↗2023-02-22

▶