A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-17T17:42:17
Updated: 2020-01-17T17:42:17
Reserved: 2019-10-04T00:00:00
Link: CVE-2019-17125
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-17T18:15:13.103
Modified: 2020-01-22T19:27:21.713
Link: CVE-2019-17125
JSON object: View
Redhat Information
No data.
CWE