Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SolarwindsOrion Platform2019.2

3 matches found

CVE
CVEadded 2020/01/17 6:15 p.m.101 views

CVE-2019-17127

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.

6.1CVSS6.3AI score0.02263EPSS
CVE
CVEadded 2020/01/17 6:15 p.m.95 views

CVE-2019-17125

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.

6.1CVSS6.3AI score0.02825EPSS
CVE
CVEadded 2021/08/31 5:15 p.m.75 views

CVE-2021-35212

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.

9CVSS9AI score0.01771EPSS