Untangle: >> Ng Firewall >> 14.2.0 Security Vulnerabilities
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
CVSS Score
7.2
EPSS Score
0.004
Published
2019-11-14
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
CVSS Score
7.2
EPSS Score
0.015
Published
2019-11-14
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-11-14
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-11-14