CVE-2023-6301
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-6301 is a newly disclosed vulnerability affecting the SourceCodester Best Courier Management System 1.0. The issue lies in the file parcel_list.php, specifically the GET Parameter Handler, which is susceptible to cross-site scripting (XSS) attacks. By manipulating the argument id with the input </TiTle><ScRiPt>alert(1)</ScRiPt>, an attacker can inject malicious code and execute scripts in a user's browser. This vulnerability can be exploited remotely, making it a significant security risk. The exploit has been made public, increasing the threat to organizations using this software. The associated identifier for this vulnerability is VDB-246127.
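The reflection pattern this summary describes, shown beside a hardened form. This is an added illustration, not the actual parcel_list.php source: the function names are hypothetical, and it assumes the id GET parameter is written into the page's title element, which the closing title tag in the published input suggests.

```php
<?php
// Added illustration; NOT the real parcel_list.php code.
// Assumption: the "id" GET parameter ends up inside the page <title>.

// Vulnerable pattern: request data concatenated into HTML without encoding.
function render_title_vulnerable(array $get): string
{
    $id = $get['id'] ?? '';
    return '<title>Parcel ' . $id . '</title>';
}

// Output encoding only: markup characters in the value become inert entities.
function render_title_encoded(array $get): string
{
    $id = (string) ($get['id'] ?? '');
    return '<title>Parcel '
        . htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</title>';
}

// Validation plus encoding: a record id should be a positive integer,
// so anything else is rejected before it can reach the page.
function render_title_hardened(array $get): string
{
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return '<title>Parcel list</title>'; // neutral fallback, nothing reflected
    }
    return '<title>Parcel '
        . htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</title>';
}

// Constructed sample requests; the second value is the input quoted in the summary.
$samples = [
    'legitimate id (constructed)' => ['id' => '42'],
    'input from the advisory'     => ['id' => '</TiTle><ScRiPt>alert(1)</ScRiPt>'],
];
foreach ($samples as $label => $get) {
    echo $label, PHP_EOL;
    echo '  vulnerable: ', render_title_vulnerable($get), PHP_EOL;
    echo '  encoded:    ', render_title_encoded($get), PHP_EOL;
    echo '  hardened:   ', render_title_hardened($get), PHP_EOL;
}
```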