Avantfax: >> Avantfax >> 3.3.7 Security Vulnerabilities
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.
CVSS Score
5.4
EPSS Score
0.012
Published
2023-03-10
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-03-10
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-03-10