Lucene search
MitreCVELIST:CVE-2019-17127HistoryJan 17, 2020 - 5:44 p.m.
CVE-2019-17127
2020-01-1717:44:02
mitre
www.cve.org
1
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.
References
support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
support.solarwinds.com/SuccessCenter/s/orion-platform
Related
cve
cve
CVE-2019-17127
2020-01-17 18:15:13
nvd
nvd
CVE-2019-17127
2020-01-17 18:15:13
prion
prion
Design/Logic Flaw
2020-01-17 18:15:00