superkojiman/vulnerabilities

superkojiman/vulnerabilities

Releases0

Stars56

Published vulnerabilities and exploits.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-23326 ↗	Mar 10, 2023Friday, 10 March 2023, 22:15	5.4 MEDIUM	—
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.
CVE-2023-23327 ↗	Mar 10, 2023Friday, 10 March 2023, 22:15	4.9 MEDIUM	—
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.
CVE-2023-23328 ↗	Mar 10, 2023Friday, 10 March 2023, 22:15	8.8 HIGH	—
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.