Vulnerabilities > Avantfax > Avantfax > 3.3.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-19 | CVE-2020-11766 | Injection vulnerability in multiple products sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. | 6.5 |
2018-01-10 | CVE-2017-18024 | Cross-site Scripting vulnerability in Avantfax 3.3.3 AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. | 4.3 |