NotCVE - vendor:"Mayurik" product:"Courier Management System" version:"1.0"

Page 2 of 18 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-6300 – SourceCodester Best Courier Management System cross site scripting

https://notcve.org/view.php?id=CVE-2023-6300

A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md https://vuldb.com/?ctiid.246126 https://vuldb.com/?id.246126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-48206 – GaatiTrack Courier Management System 1.0 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2023-48206

A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. Vulnerabilidad de Cross Site Scripting (XSS) en GaatiTrack Courier Management System 1.0 permite a un atacante remoto inyectar JavaScript a través del parámetro de página en login.php o header.php. GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/175803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3

CVE-2023-46980

https://notcve.org/view.php?id=CVE-2023-46980

An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. Un problema en Best Courier Management System v.1.0 permite a un atacante remoto ejecutar código arbitrario y escalar privilegios a través de un script manipulado al parámetro ID de usuario. • https://github.com/sajaljat/CVE-2023-46980 https://github.com/sajaljat/CVE-2023-46980/tree/main https://youtu.be/3Mz2lSElg7Y • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

CVE-2023-46451

https://notcve.org/view.php?id=CVE-2023-46451

Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. Best Courier Management System v1.0 es vulnerable a Cross Site Scripting (XSS) en el campo de cambio de nombre de usuario. • https://github.com/sajaljat/CVE-2023-46451 https://youtu.be/f8B3_m5YfqI • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-46004

https://notcve.org/view.php?id=CVE-2023-46004

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. Sourcecodester Best Courier Management System 1.0 es vulnerable a la carga arbitraria de archivos en la función update_user. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/Arbitrary-File-Upload-Vulnerability.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

1 2 3 4