Vulnerabilities > Avantfax
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-10 | CVE-2023-23326 | Cross-site Scripting vulnerability in Avantfax 3.3.7 A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. | 5.4 |
2023-03-10 | CVE-2023-23327 | Information Exposure vulnerability in Avantfax 3.3.7 An Information Disclosure vulnerability exists in AvantFAX 3.3.7. | 4.9 |
2023-03-10 | CVE-2023-23328 | Unrestricted Upload of File with Dangerous Type vulnerability in Avantfax 3.3.7 A File Upload vulnerability exists in AvantFAX 3.3.7. | 8.8 |
2020-05-19 | CVE-2020-11766 | OS Command Injection vulnerability in multiple products sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. | 8.8 |
2018-01-10 | CVE-2017-18024 | Cross-site Scripting vulnerability in Avantfax 3.3.3 AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. | 6.1 |