2 matches found
CVE-2023-23326
AvantFAX 3.3.7 contains a Stored Cross-Site Scripting (XSS) vulnerability. An authenticated low-privilege user can inject arbitrary JavaScript into their email address, which is executed when an administrator logs in to view the admin dashboard, potentially enabling theft of the administrator’s s...
CVE-2023-23326
A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...