Vulnerabilities > Avantfax

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-23326 Cross-site Scripting vulnerability in Avantfax 3.3.7
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7.
network
low complexity
avantfax CWE-79
5.4
5.4
2023-03-10 CVE-2023-23327 Information Exposure vulnerability in Avantfax 3.3.7
An Information Disclosure vulnerability exists in AvantFAX 3.3.7.
network
low complexity
avantfax CWE-200
4.9
4.9
2023-03-10 CVE-2023-23328 Unrestricted Upload of File with Dangerous Type vulnerability in Avantfax 3.3.7
A File Upload vulnerability exists in AvantFAX 3.3.7.
network
low complexity
avantfax CWE-434
8.8
8.8
2020-05-19 CVE-2020-11766 Injection vulnerability in multiple products
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.
network
low complexity
ifax avantfax CWE-74
6.5
6.5
2018-01-10 CVE-2017-18024 Cross-site Scripting vulnerability in Avantfax 3.3.3
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
network
avantfax CWE-79
4.3
4.3