VYPR
Unrated severity · NVD Advisory · Published Nov 26, 2023 · Updated Oct 10, 2024

SourceCodester Best Courier Management System cross site scripting

CVE-2023-6300

Description

A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SourceCodester Best Courier Management System 1.0 is vulnerable to reflected XSS via the 'page' parameter.

Vulnerability

A reflected cross-site scripting (XSS) vulnerability exists in SourceCodester Best Courier Management System version 1.0. The vulnerability affects an unknown function that handles the page parameter. Manipulation of the page argument with a payload such as `` results in script execution within the user's browser. [1]

Exploitation

An attacker can launch the attack remotely without requiring authentication. The attacker crafts a URL containing a malicious page parameter and entices a victim to click it, for example via a phishing link. When the victim accesses the crafted URL while authenticated to the application, the injected script executes in the context of the victim's session. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the application's context. This can lead to session hijacking, credential theft, or further attacks against the application, leveraging the privileges of the victim user. [1]

Mitigation

As of the publication date (2023-11-26), no official patch or fixed version has been released by the vendor. Users should apply input validation and output encoding to the page parameter, or consider disabling the vulnerable functionality until a vendor-supplied fix is available. [1]
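
One way to apply the input validation and output encoding recommended above to a reflected `page` parameter. This is an added example, not code from the vendor or the advisory; it assumes the application is written in PHP, and the allowlist, function names and sample inputs are hypothetical.

```php
<?php
// Added example, not vendor code. ALLOWED_PAGES, resolve_page(), e() and
// render_page_header() are hypothetical names; requires PHP 8.0+.
declare(strict_types=1);

// Constructed allowlist of view names the application routes to.
const ALLOWED_PAGES = ['home', 'parcel_list', 'new_parcel', 'track'];

// Input validation: return the view name only if it is on the allowlist.
// Missing values, arrays (?page[]=x) and anything off-list yield null.
function resolve_page(mixed $raw): ?string
{
    return is_string($raw) && in_array($raw, ALLOWED_PAGES, true) ? $raw : null;
}

// Output encoding for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the fragment that reflects `page`. Every reflected value passes
// through e(), including the rejected input echoed in the notice.
// In a request handler this would be called with $_GET['page'] ?? null.
function render_page_header(mixed $raw): string
{
    $page = resolve_page($raw) ?? 'home';
    $html = '<main data-page="' . e($page) . '">';
    if (is_string($raw) && $raw !== $page) {
        $html .= '<p class="notice">Unknown page: ' . e($raw) . '</p>';
    }
    return $html . '<h1>' . e(ucwords(str_replace('_', ' ', $page))) . '</h1>';
}

// Constructed inputs: a valid name, a value carrying markup, an array.
foreach (['track', '"><i>test</i>', ['x']] as $input) {
    echo render_page_header($input), PHP_EOL;
}
```

The allowlist keeps unexpected values out of routing, and the encoding step ensures that any value still echoed back to the browser is rendered as text rather than parsed as markup.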

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

3