Skip to main content

Courier Management System CVE-2023-46974

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-12-07 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 07, 2023 - 14:15 nvd
MEDIUM 5.4

DescriptionNVD

Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.

AnalysisAI

Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Affected products include: Mayurik Courier Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-48823 CRITICAL POC
9.8 Dec 07

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker t

CVE-2024-10608 MEDIUM POC
6.9 Nov 01

A vulnerability was found in code-projects Courier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnera

CVE-2024-10607 MEDIUM POC
6.9 Nov 01

A vulnerability was found in code-projects Courier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnera

CVE-2023-48206 MEDIUM POC
6.1 Dec 07

A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to injec

CVE-2025-12316 MEDIUM POC
5.5 Oct 27

A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the f

CVE-2025-11553 LOW POC
2.1 Oct 09

SQL injection vulnerability in Courier Management System 1.0 allows authenticated remote attackers to manipulate the Shi

CVE-2025-8254 LOW
2.1 Jul 28

SQL injection in Campcodes Courier Management System 1.0 via the ID parameter in /view_parcel.php allows authenticated r

CVE-2025-8230 LOW
2.1 Jul 27

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL

CVE-2025-8229 LOW
2.1 Jul 27

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL

CVE-2025-8189 LOW
2.1 Jul 26

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL

CVE-2025-8188 LOW
2.1 Jul 26

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL

CVE-2025-8187 LOW
2.1 Jul 26

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL

Share

CVE-2023-46974 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy