Skip to main content

Ng Firewall CVE-2019-18648

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-11-14 cve@mitre.org
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 14, 2019 - 15:15 nvd
MEDIUM 4.8

DescriptionNVD

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.

AnalysisAI

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. Affected products include: Untangle Ng Firewall.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2025-2767 CRITICAL
9.6 Apr 23

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.

CVE-2024-12829 HIGH
8.8 Dec 20

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8)

CVE-2024-27889 HIGH
8.8 Mar 04

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista

CVE-2024-12831 HIGH
7.8 Dec 20

Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8),

CVE-2024-12830 HIGH
7.3 Dec 20

Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3

CVE-2019-18647 HIGH
7.2 Nov 14

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. Rat

CVE-2019-18646 HIGH
7.2 Nov 14

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColu

CVE-2026-25622 HIGH
7.0 Jun 05

Command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) Captive Portal Custom Handler allows

CVE-2026-25620 HIGH
7.0 Jun 05

Command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) version 17.4.0 allows authenticated h

CVE-2026-25623 HIGH
7.0 Jun 05

Authenticated command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) allows administrators w

CVE-2026-25621 HIGH
7.0 Jun 05

Command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) version 17.4.0 allows high-privileged

CVE-2024-12832 MEDIUM
6.3 Dec 20

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. Rated medium severity (CVSS 6.

Share

CVE-2019-18648 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy