Medium severity5.4NVD Advisory· Published Mar 10, 2023· Updated Jul 5, 2026
CVE-2023-23326
CVE-2023-23326
Description
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- AvantFAX/AvantFAXdescription
Patches
Vulnerability mechanics
References
2- github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.mdnvdExploitThird Party Advisory
- avantfax.comnvdVendor Advisory
News mentions
0No linked articles in our index yet.