3 matches found
Endless Group: XSS on https://fax.pbx.itsendless.org/ (CVE-2017-18024)
Summary: Hello Endless Hosting, I found an XSS on https://fax.pbx.itsendless.org/ . This domain running an AvantFax software 3.3.6 However, the exploit of CVE-2017-18024 for version 3.3.3 is working on that version. Here is the exploit code of CVE-2017-18024 history.pushState'', '', '/'...
CVE-2017-18024
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1...
CVE-2017-18024
AvantFAX 3.3.3 is affected by a cross-site scripting (XSS) vulnerability in the web UI: an arbitrary parameter name passed to the default URI can include a SCRIPT tag, enabling arbitrary JavaScript in the victim’s browser. Impact includes potential session hijacking, defacement, or data leakage a...