Posted by Calum Hutton on Apr 28

This is a follow up to an earlier post, highlighting an XSS and information disclosure vulnerability in versions of
Untangle 9-11

The previous post is shown in full below this post.

Additional un-patched vectors have been discovered that allow for these issues to be exploited with increased
feasibility.

The vectors exist due to improper handling of uploaded files, and insufficient validation and sanitisation of their
contents.

Two…