VYPR

Commsy

by Commsy

Source repositories

CVEs (2)

  • CVE-2017-1000496HigJan 3, 2018
    risk 0.57cvss 8.8epss 0.02

    Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.

  • CVE-2019-11880HigMay 22, 2019
    risk 0.49cvss 7.5epss 0.02

    CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2.