Lucene search
MitreCVELIST:CVE-2023-23326HistoryMar 10, 2023 - 12:00 a.m.
CVE-2023-23326
2023-03-1000:00:00
mitre
www.cve.org
3
stored cross-site scripting
avantfax 3.3.7
cookie hijacking
administrator session
EPSS
0.001
Percentile
23.3%
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administratorβs session cookie and hijacking their session.
Related
cve
cve
CVE-2023-23326
2023-03-10 22:15:10
nvd
nvd
CVE-2023-23326
2023-03-10 22:15:10
prion
prion
Cross site scripting
2023-03-10 22:15:00