CVE-2020-5192

Current Description

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS.

Basic Data

PublishedJanuary 17, 2020
Last ModifiedJanuary 17, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem Type
CVE Data Version4.0

Base Metric V2

No data provided.

Base Metric V3

No data provided.

Configurations

Vulnerable Software List

This CVE contains no version information.

References

NameSourceURLTags
https://support.solarwinds.com/SuccessCenter/s/orion-platformMISChttps://support.solarwinds.com/SuccessCenter/s/orion-platform
https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1CONFIRMhttps://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1