CVE-2020-11766
https://notcve.org/view.php?id=CVE-2020-11766
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. El archivo sendfax.php en iFAX AvantFAX versiones anteriores a 3.3.6 e HylaFAX Enterprise Web Interface versiones anteriores a 0.2.5, permite una Inyección de Comandos autenticada. • ftp://ftp.ifax.com/security/CVE-2020-11766.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-18024 – AvantFAX 3.3.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-18024
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. AvantFAX 3.3.3 tiene Cross-Site Scripting (XSS) mediante un nombre de parámetro arbitrario en la URI por defecto, tal y como queda demostrado con un parámetro cuyo nombre contiene un elemento SCRIPT y cuyo valor es 1. AvantFAX version 3.3.3 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •