RSS   Vulnerabilities for 'Avantfax'   RSS

2020-05-19
 
CVE-2020-11766

CWE-74
 

 
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.

 
2018-01-10
 
CVE-2017-18024

CWE-79
 

 
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.

 


Copyright 2020, cxsecurity.com

 

Back to Top