| |
Vulnerability CVE-2023-23326
Published: 2023-03-10
| Description: |
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session. |
References: |
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
http://avantfax.com
|
|
|
closedb();
?>
Copyright 2026, cxsecurity.com
|
|
|