Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avantfax vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-23326
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in ste...
Avantfax Avantfax 3.3.7
4.9
CVSSv3
CVE-2023-23327
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.
Avantfax Avantfax 3.3.7
8.8
CVSSv3
CVE-2023-23328
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.
Avantfax Avantfax 3.3.7
6.1
CVSSv3
CVE-2017-18024
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
Avantfax Avantfax 3.3.3
8.8
CVSSv3
CVE-2020-11766
sendfax.php in iFAX AvantFAX prior to 3.3.6 and HylaFAX Enterprise Web Interface prior to 0.2.5 allows authenticated Command Injection.
Ifax Hylafax
Avantfax Avantfax
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started