Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.5 views

CVE-2023-23327

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...

4.9CVSS6.5AI score0.00832EPSS
Exploits1References1
OSV
OSV
added 2023/03/10 10:15 p.m.4 views

CVE-2023-23328

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...

8.8CVSS7.3AI score0.01097EPSS
Exploits1References2
OSV
OSV
added 2023/03/10 10:15 p.m.5 views

CVE-2023-23326

A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...

5.4CVSS6.2AI score0.00523EPSS
Exploits1References2
Prion
Prion
added 2023/03/10 10:15 p.m.10 views

Unrestricted file upload

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...

6.5CVSS8.5AI score0.01097EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.4 views

iFAX AvantFAX 信息泄露漏洞

iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from an information disclosure vulnerability where backups of...

4.9CVSS5.4AI score0.00832EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/03/10 12:0 a.m.19 views

CVE-2023-23326

A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...

5.3AI score0.00523EPSS
Exploits1References1
CVE
CVE
added 2023/03/10 12:0 a.m.55 views

CVE-2023-23327

Summary (concrete facts): CVE-2023-23327 affects AvantFAX 3.3.7, where backups of sent/received faxes and database backups are stored on the web server with the current date as filenames and without access controls, enabling potential information disclosure. Multiple connected sources corroborate...

4.9CVSS5AI score0.00832EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/03/10 12:0 a.m.53 views

CVE-2023-23326

AvantFAX 3.3.7 contains a Stored Cross-Site Scripting (XSS) vulnerability. An authenticated low-privilege user can inject arbitrary JavaScript into their email address, which is executed when an administrator logs in to view the admin dashboard, potentially enabling theft of the administrator’s s...

5.4CVSS5.1AI score0.00523EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder