VYPR
Unrated severity · NVD Advisory · Published Sep 30, 2023 · Updated Sep 20, 2024

SourceCodester Best Courier Management System Manage Account Page cross site scripting

CVE-2023-5302

Description

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in SourceCodester Best Courier Management System 1.0 via First Name parameter on Manage Account page allows remote script injection.

Vulnerability

A reflected cross-site scripting (XSS) vulnerability exists in the Manage Account Page of SourceCodester Best Courier Management System 1.0. The First Name parameter is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code when the parameter is processed and displayed on the page.

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the Manage Account endpoint with a malicious payload in the First Name parameter. No authentication is required to deliver the payload, but the attack relies on an authenticated administrator viewing the affected page. The exploit has been publicly disclosed in a proof-of-concept [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript within the context of the administrator's session. This can lead to session hijacking, defacement, or theft of sensitive information displayed on the page.

Mitigation

Currently, no official patch or advisory has been released by SourceCodester. Users are advised to implement input validation and output encoding for the First Name parameter, or restrict access to the Manage Account page until a fix is available.
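The two controls named above, input validation and output encoding, shown together as an added example. This is not code from SourceCodester or from the cited references; the form field name `firstname`, the length limit, and the sample values are assumptions made for illustration.

```python
import html
import unicodedata

MAX_NAME_LEN = 64          # assumed limit, not taken from the application
NAME_PUNCT = " '-."        # punctuation that occurs in real names

def validate_first_name(raw: str) -> str:
    """Input validation: allow-list of name characters, applied on write."""
    name = unicodedata.normalize("NFC", raw).strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("first name is empty or too long")
    for ch in name:
        is_mark = unicodedata.category(ch) == "Mn"   # combining accents
        if not (ch.isalpha() or is_mark or ch in NAME_PUNCT):
            raise ValueError(f"character not allowed in a name: {ch!r}")
    return name

def render_unencoded(first_name: str) -> str:
    """The flawed pattern: the stored value is pasted into an attribute as-is."""
    return f'<input type="text" name="firstname" value="{first_name}">'

def render_encoded(first_name: str) -> str:
    """Output encoding: escape & < > " ' so the value cannot leave the attribute."""
    safe = html.escape(first_name, quote=True)
    return f'<input type="text" name="firstname" value="{safe}">'

def is_accepted(raw: str) -> bool:
    """True when the value passes the allow-list check."""
    try:
        validate_first_name(raw)
        return True
    except ValueError:
        return False

# Constructed sample values, not taken from the advisory or its references.
SAMPLES = ["Anne-Marie", "O'Brien", '"><b>x</b>']

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r}: accepted={is_accepted(value)}")
        print("  unencoded:", render_unencoded(value))
        print("  encoded:  ", render_encoded(value))
```

`O'Brien` passes validation yet still contains a quote character, which is why encoding at output is needed even when validation is in place, and why it also covers values stored before validation existed.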

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.

References: 3