Alm4Ric

**Name of the Vulnerable Software and Affected Versions** Untangle NG firewall version 14.2.0 **Description** The issue concerns authenticated inline-query SQL injection. It occurs within the `timeDataDynamicColumn` parameter when a user is logged in as an admin. **Recommendations** For Untangle NG firewall version 14.2.0, consider restricting access to the `timeDataDynamicColumn` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Untangle NG firewall version 14.2.0 **Description** The issue allows for an authenticated command injection when an admin user is logged in. **Recommendations** For Untangle NG firewall version 14.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Untangle NG Firewall version 14.2.0 **Description** The issue allows for reflected XSS attacks when logged in as an admin user, affecting multiple places and specific user input fields. **Recommendations** For Untangle NG Firewall version 14.2.0, consider restricting access to admin user roles until a patch is available. As a temporary workaround, avoid using specific user input fields that are vulnerable to reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Untangle NG Firewall version 14.2.0 **Description** The issue concerns a stored XSS vulnerability in the Title input field under Reports when an admin user is logged in. **Recommendations** For Untangle NG Firewall version 14.2.0, update to a version that includes a fix for this issue, as using the current version may pose a security risk due to the stored XSS vulnerability in the Title input field. At the moment, there is no information about a newer version that contains a fix for this vulnerability.