PT-2023-30276 · Unknown · Best Courier Management System

Cyberlord

Publicado

2023-11-02

Atualizado

2023-12-09

CVE-2023-46974

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Best Courier Management System version 1.000

Description The issue allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. This is a Cross Site Scripting vulnerability.

Recommendations For Best Courier Management System version 1.000, consider restricting access to the page parameter in the URL to minimize the risk of exploitation. Avoid using the page parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-46974

Produtos afetados

Best Courier Management System

PT-2023-30276 · Unknown · Best Courier Management System

CVE-2023-46974

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6