← Back

Avantfax

avantfax

Vendor: Avantfax • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-23328
1Avantfax
1Avantfax
Mar 4, 2025
Mar 10, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.
CVE-2023-23327
1Avantfax
1Avantfax
Mar 5, 2025
Mar 10, 2023
N/A· v4
4.9 MEDIUM· v3
N/A· v2
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without a...Show more
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.Show less
CVE-2023-23326
1Avantfax
1Avantfax
Feb 27, 2025
Mar 10, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into...Show more
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.Show less
CVE-2020-11766
2Avantfax
Ifax
2Avantfax
Hylafax
Nov 21, 2024
May 19, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.
CVE-2017-18024
1Avantfax
1Avantfax
Nov 21, 2024
Jan 10, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.