Filtered by vendor Avantfax
Subscriptions
Filtered by product Avantfax
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23328 | 1 Avantfax | 1 Avantfax | 2024-11-21 | 8.8 High |
| A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file. | ||||
| CVE-2023-23327 | 1 Avantfax | 1 Avantfax | 2024-11-21 | 4.9 Medium |
| An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls. | ||||
| CVE-2023-23326 | 1 Avantfax | 1 Avantfax | 2024-11-21 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session. | ||||
| CVE-2020-11766 | 2 Avantfax, Ifax | 2 Avantfax, Hylafax | 2024-11-21 | 8.8 High |
| sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. | ||||
| CVE-2017-18024 | 1 Avantfax | 1 Avantfax | 2024-11-21 | N/A |
| AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. | ||||
Page 1 of 1.