Lucene search
MitreCVELIST:CVE-2019-17125HistoryJan 17, 2020 - 5:42 p.m.
CVE-2019-17125
2020-01-1717:42:17
mitre
www.cve.org
4
EPSS
0.001
Percentile
36.1%
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
References
support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
support.solarwinds.com/SuccessCenter/s/orion-platform
Related
cve
cve
CVE-2019-17125
2020-01-17 18:15:13
prion
prion
Cross site scripting
2020-01-17 18:15:00
nvd
nvd
CVE-2019-17125
2020-01-17 18:15:13