Vulnerabilities > Avantfax

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-23326 Cross-site Scripting vulnerability in Avantfax 3.3.7
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7.
network
low complexity
avantfax CWE-79
5.4
2023-03-10 CVE-2023-23327 Information Exposure vulnerability in Avantfax 3.3.7
An Information Disclosure vulnerability exists in AvantFAX 3.3.7.
network
low complexity
avantfax CWE-200
4.9
2023-03-10 CVE-2023-23328 Unrestricted Upload of File with Dangerous Type vulnerability in Avantfax 3.3.7
A File Upload vulnerability exists in AvantFAX 3.3.7.
network
low complexity
avantfax CWE-434
8.8
2020-05-19 CVE-2020-11766 OS Command Injection vulnerability in multiple products
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.
network
low complexity
ifax avantfax CWE-78
8.8
2018-01-10 CVE-2017-18024 Cross-site Scripting vulnerability in Avantfax 3.3.3
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
network
low complexity
avantfax CWE-79
6.1