CVE-2023-6301

Name of the Vulnerable Software and Affected Versions SourceCodester Best Courier Management System version 1.0

Description A vulnerability has been found in the file parcel list.php of the component GET Parameter Handler, which can be exploited to lead to cross site scripting. The manipulation of the argument id with malicious input, such as </TiTlE><ScRiPt>alert(1)</ScRiPt>, can trigger this issue. The attack can be launched remotely.

Recommendations For SourceCodester Best Courier Management System version 1.0, consider validating and sanitizing user input for the id argument in the parcel list.php file to prevent cross site scripting attacks. As a temporary workaround, restrict access to the parcel list.php file until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.