Vulnerability CVE-2023-23326


Published: 2023-03-10

Description:
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.

 References:
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
http://avantfax.com

Copyright 2026, cxsecurity.com

 

Back to Top