VYPR
leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6301"]},"keywords":"CVE-2023-6301, Sourcecodester Best Fee Management System","mentions":[{"@type":"SoftwareApplication","name":"Best Fee Management System","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Sourcecodester"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2023-6301","item":"https://portal.vyprsec.ai/cves/CVE-2023-6301"}]}]}
← All advisories
Unrated severityNVD Advisory· Published Nov 26, 2023· Updated Aug 2, 2024

SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting

CVE-2023-6301

Description

A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3

News mentions

0

No linked articles in our index yet.