CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-23326

A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.8%

CVSS Severity

CVSS v3 Score 5.4

References

http://avantfax.com
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
http://avantfax.com
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md

Products affected by CVE-2023-23326

Avantfax » Avantfax » Version: 3.3.7

cpe:2.3:a:avantfax:avantfax:3.3.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-23326

Products

Pricing

Contact Us