Vulnerabilities > Netfortris
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-01 | CVE-2020-7351 | OS Command Injection vulnerability in Netfortris Trixbox 1.2.0/2.8.0.4 An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. | 8.8 |
| 2018-02-16 | CVE-2017-14537 | Path Traversal vulnerability in Netfortris Trixbox 2.8.0.4 trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | 6.5 |
| 2018-02-16 | CVE-2017-14536 | Cross-site Scripting vulnerability in Netfortris Trixbox 2.8.0.4 trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php. | 5.4 |
| 2018-02-16 | CVE-2017-14535 | OS Command Injection vulnerability in Netfortris Trixbox 2.8.0.4 trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. | 8.8 |