CommSy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality, resulting in denial of service and possibly remote code execution.
CVSS: 8.8, AI Score: 8.6, EPSS: 0.007
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2.
CVSS: 7.5, AI Score: 7.8, EPSS: 0.001