CVE-2023-6300 | Medium Severity | Armis
CVE-2023-6300:
Cross-site scripting (CWE-79) vulnerability in SourceCodester Best Courier Management System 1.0 allows remote attackers to execute script via a crafted payload in the page parameter (example payload: alert(1)), resulting in a reflected XSS. The issue can be exploited remotely and requires user interaction, with a CVSSv3.1 base score of 3.5 (Low).
Score
A numerical rating that indicates how dangerous this vulnerability is.
6.1 Medium
Published Date: Nov 27, 2023
CISA KEV Date: No Data
Industries Affected: 20

Threat Predictions
EPSS Score: 0.2
EPSS Percentile: 38%

Exploitability
Score: 2.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED

Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
This CVE describes a low-severity reflected cross-site scripting vulnerability in SourceCodester Best Courier Management System 1.0. The flaw arises when untrusted input supplied via the page parameter is not properly encoded before being reflected in the HTML response, allowing an attacker’s malicious script to execute in the victim’s browser. The issue can be exploited remotely and requires some user interaction to trigger; it has been publicly disclosed and is identified as VDB-246126. The vulnerability offers no direct data access or system compromise beyond script execution, aligning with a CVSSv3.1 base score of 3.5 (Low).
Remediation
- Validate and sanitize all user-supplied input on the server side, especially the page parameter, using strict allow-lists and proper escaping.
- Encode or escape all untrusted data before inserting it into the HTML response to prevent script execution (use framework-provided escaping or a reputable encoding library).
- Avoid reflecting raw user input back into the page; if reflection is required, ensure context-appropriate escaping and consider removing or neutralizing HTML tags.
- Implement a strict Content Security Policy (CSP) that restricts script sources (e.g., default-src 'self'; script-src 'self'), and consider disallowing inline scripts.
- Apply vendor-provided patches or upgrade to a version where the vulnerability is fixed. If no patch is available, implement compensating controls such as input validation, output encoding, and CSP, and closely monitor for exploitation.
- Enhance logging and anomaly detection around parameters that are echoed back in responses; alert on unusual payloads similar to known PoCs.
- Perform verification testing with safe, representative XSS payloads to ensure the vulnerability is mitigated after changes.
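
The allow-list, output-encoding, CSP and logging items above, combined in one request handler. This is an added example, not code from Armis or from the affected application; it is a Python sketch, and the page names in ALLOWED_PAGES and the function names resolve_page and render are assumptions made for illustration.

```python
import html
import logging
from urllib.parse import parse_qs

log = logging.getLogger("page_param")

# Hypothetical allow-list of views the application is able to render.
ALLOWED_PAGES = {"home", "parcel_list", "track", "branch_list"}
DEFAULT_PAGE = "home"

# The policy quoted in the remediation list; it permits no inline scripts.
CSP = "default-src 'self'; script-src 'self'"


def resolve_page(query_string):
    """Return (page, rejected). A value outside the allow-list is never returned."""
    values = parse_qs(query_string, keep_blank_values=True).get("page", [])
    if not values:
        return DEFAULT_PAGE, False
    # Exactly one value, and it must match a known view byte for byte.
    if len(values) == 1 and values[0] in ALLOWED_PAGES:
        return values[0], False
    # %r keeps control characters visible and stops log-line injection;
    # the slice bounds what one request can write to the log.
    log.warning("rejected page parameter: %r", values[0][:200])
    return DEFAULT_PAGE, True


def render(query_string):
    """Build (status, headers, body) for one request's query string."""
    page, rejected = resolve_page(query_string)
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
        "X-Content-Type-Options": "nosniff",
    }
    # Encode at the sink even though the value is allow-listed, so a later
    # change to the allow-list cannot bring the reflection bug back.
    title = html.escape(page, quote=True)
    body = f"<!doctype html><title>{title}</title><h1>{title}</h1>"
    return (404 if rejected else 200), headers, body
```

A rejected value produces a 404 and a warning log entry, which gives the monitoring item in the list a concrete event to alert on.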