Cross Site Scripting Vulnerability in Best Courier Management System by BestTech
CVE-2023-46451

5.4MEDIUM

Key Information:

Vendor: Mayurik
Status: Best Courier Management System
Vendor: CVE Published:; 31 October 2023

Badges

👾 Exploit Exists

What is CVE-2023-46451?

The Best Courier Management System version 1.0 is susceptible to a Cross Site Scripting (XSS) vulnerability during the change username process. This flaw can allow an attacker to inject malicious scripts, potentially compromising user sessions or redirecting users to malicious sites. It emphasizes the need for secure input validation and output encoding in web applications to mitigate such risks.

References

https://youtu.be/f8B3_m5YfqI

https://github.com/sajaljat/CVE-2023-46451

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2023
🟡
Public PoC available
Oct 26, 2023
👾
Exploit known to exist
Oct 26, 2023
Vulnerability Reserved
Oct 23, 2023

Mayurik

Badges

What is CVE-2023-46451?

References

CVSS V3.1

Timeline