CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46451
https://notcve.org/view.php?id=CVE-2023-46451
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. Best Courier Management System v1.0 es vulnerable a Cross Site Scripting (XSS) en el campo de cambio de nombre de usuario. • https://github.com/sajaljat/CVE-2023-46451 https://youtu.be/f8B3_m5YfqI • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-46449
https://notcve.org/view.php?id=CVE-2023-46449
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. El sistema de gestión de inventario Gratuito y de Código Abierto Sourcecodester v1.0 es vulnerable a un control de acceso incorrecto. Un usuario arbitrario puede cambiar la contraseña de otro usuario y hacerse cargo de la cuenta a través de IDOR en la función de cambio de contraseña. • https://github.com/sajaljat/CVE-2023-46449 https://github.com/sajaljat/CVE-2023-46449/tree/main https://www.youtube.com/watch?v=H5QnsOKjs3s • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46450
https://notcve.org/view.php?id=CVE-2023-46450
Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. El sistema de gestión de inventario Gratuito y de Código Abierto Sourcecodester v1.0 es vulnerable a Cross Site Scripting (XSS) a través de la función Agregar proveedor. • https://github.com/yte121/-CVE-2023-46450 https://youtu.be/LQy0_xIK2q0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46004
https://notcve.org/view.php?id=CVE-2023-46004
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. Sourcecodester Best Courier Management System 1.0 es vulnerable a la carga arbitraria de archivos en la función update_user. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/Arbitrary-File-Upload-Vulnerability.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46005
https://notcve.org/view.php?id=CVE-2023-46005
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyección SQL a través del parámetro id en /edit_branch.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •