Vulnerabilities > Untangle > NG Firewall > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2019-18649 | Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0 When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | 4.8 |
| 2019-11-14 | CVE-2019-18648 | Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0 When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | 4.8 |