Unrated severityNVD Advisory· Published Jan 17, 2020· Updated Aug 5, 2024
CVE-2019-17127
CVE-2019-17127
Description
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SolarWinds/Orion Platformdescription
- Range: <=2019.2 HF1
Patches
Vulnerability mechanics
References
2- support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3mitrex_refsource_CONFIRM
- support.solarwinds.com/SuccessCenter/s/orion-platformmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.