Lucene search
PRIOn knowledge basePRION:CVE-2019-17125HistoryJan 17, 2020 - 6:15 p.m.
Cross site scripting
2020-01-1718:15:00
PRIOn knowledge base
www.prio-n.com
4
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
| CPE | Name | Operator | Version |
|---|---|---|---|
| orion_platform | eq | 2019.2 hotfix1 |
References
support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
support.solarwinds.com/SuccessCenter/s/orion-platform
Related
cve
cve
CVE-2019-17125
2020-01-17 18:15:13
nvd
nvd
CVE-2019-17125
2020-01-17 18:15:13
cvelist
cvelist
CVE-2019-17125
2020-01-17 17:42:17