Angular CSTI Vulnerability in SolarWinds Orion Platform 2019.2 HF1: Escaping Angular Sandbox for Stored XSS
CVE-2019-17125 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.
Learn more about our Web Application Penetration Testing UK.