Avantfax: community verdicts
3 notable / known-exploited Avantfax CVEs the community has triaged.
- CVE-2023-23328HIGH 8.8Real · low riskEPSS 1%
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.
- CVE-2023-23327MED 4.9EPSS 1%
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.
- CVE-2023-23326MED 5.4EPSS 1%
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.