CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46974
https://notcve.org/view.php?id=CVE-2023-46974
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Vulnerabilidad de Cross Site Scripting en Best Courier Management System v.1.000 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro de página en la URL. • https://github.com/yte121/CVE-2023-46974 https://youtu.be/5oVfJHT_-Ys • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48823 – GaatiTrack Courier Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Un problema de inyección de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a través del parámetro de correo electrónico durante el inicio de sesión. GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/176030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6301 – SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6301
A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md https://vuldb.com/?ctiid.246127 https://vuldb.com/?id.246127 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6300 – SourceCodester Best Courier Management System cross site scripting
https://notcve.org/view.php?id=CVE-2023-6300
A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md https://vuldb.com/?ctiid.246126 https://vuldb.com/?id.246126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48206 – GaatiTrack Courier Management System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48206
A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. Vulnerabilidad de Cross Site Scripting (XSS) en GaatiTrack Courier Management System 1.0 permite a un atacante remoto inyectar JavaScript a través del parámetro de página en login.php o header.php. GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/175803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •