MidnightBSD

Advisories for commsy

CVE-2017-1000496 MEDIUM

Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
commsy commsy 9.0.0
CVE-2019-11880 MEDIUM

CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
commsy commsy *