RSS   Vulnerabilities for 'Ng firewall'   RSS

2019-11-14
 
CVE-2019-18649

CWE-79
 

 
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.

 
 
CVE-2019-18648

CWE-79
 

 
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.

 
 
CVE-2019-18647

CWE-74
 

 
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.

 
 
CVE-2019-18646

CWE-89
 

 
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.

 


Copyright 2024, cxsecurity.com

 

Back to Top