CVE-2023-46974

MEDIUM

Best Courier Management System <1.000 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46974. PoCs published by yte121.

AI-analyzed exploit summary The repository lacks actual exploit code and only provides a vague description of a reflected XSS vulnerability in Best Courier Management System v1.000. It references an external YouTube video and does not include technical details or PoC code.

Description

Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.

Exploits (1)

nomisec SUSPICIOUS

by yte121 · poc

https://github.com/yte121/CVE-2023-46974

View Code ZIP pw:eip

The repository lacks actual exploit code and only provides a vague description of a reflected XSS vulnerability in Best Courier Management System v1.000. It references an external YouTube video and does not include technical details or PoC code.

Classification

Suspicious 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Best Courier Management System v1.000

No auth needed

Prerequisites: Access to a crafted URL with malicious payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/yte121/CVE-2023-46974/

View Writeup ZIP pw:eip

Exploit

https://youtu.be/5oVfJHT_-Ys

Scores

CVSS v3 5.4

EPSS 0.0068

EPSS Percentile 47.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

mayurik/courier_management_system 1.0

Published Dec 07, 2023

Tracked Since Feb 18, 2026