CVE-2023-46451

MEDIUM

Best Courier Management System v1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46451. PoCs published by sajaljat.

AI-analyzed exploit summary The repository describes a Cross-Site Scripting (XSS) vulnerability in Sourcecodester Best Courier Management System v1.0, specifically in the change username field. It includes a reference to a YouTube video demonstrating the exploit but lacks actual exploit code or detailed technical analysis.

Description

Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.

Exploits (1)

nomisec WRITEUP

by sajaljat · poc

https://github.com/sajaljat/CVE-2023-46451

View Code ZIP pw:eip

The repository describes a Cross-Site Scripting (XSS) vulnerability in Sourcecodester Best Courier Management System v1.0, specifically in the change username field. It includes a reference to a YouTube video demonstrating the exploit but lacks actual exploit code or detailed technical analysis.

Classification

Writeup 70%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Sourcecodester Best Courier Management System v1.0

Auth required

Prerequisites: Access to the change username field in the application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/sajaljat/CVE-2023-46451

Exploit

https://youtu.be/f8B3_m5YfqI

Scores

CVSS v3 5.4

EPSS 0.0041

EPSS Percentile 33.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

mayurik/best_courier_management_system 1.0

Published Oct 31, 2023

Tracked Since Feb 18, 2026