The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
7.2CVSS
7.2AI Score
0.001EPSS
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
7.2CVSS
7.1AI Score
0.002EPSS
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
4.8CVSS
4.9AI Score
0.001EPSS
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
4.8CVSS
5AI Score
0.001EPSS
5.3CVSS
5.4AI Score
0.001EPSS