Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2019-18648

Disclosure Date: November 14, 2019 (last updated November 27, 2024)
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-18647

Disclosure Date: November 14, 2019 (last updated November 27, 2024)
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-18649

Disclosure Date: November 14, 2019 (last updated November 27, 2024)
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-18646

Disclosure Date: August 21, 2019 (last updated November 27, 2024)
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0