Avantfax: >> Avantfax >> 3.3.3 Security Vulnerabilities
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.
CVSS Score
8.8
EPSS Score
0.043
Published
2020-05-19
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
CVSS Score
6.1
EPSS Score
0.063
Published
2018-01-10