Angular CSTI Vulnerability in SolarWinds Orion Platform 2019.2 HF1: Escaping Angular Sandbox for Stored XSS

CVE-2019-17125 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.

Learn more about our Web Application Penetration Testing UK.