Primary

Context

SolarWinds Orion Platform Stored Client-Side Template Injection Vulnerability Allowing Privilege Escalation

Vulnerability

Patched

A stored client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression, escaping the Angular sandbox to achieve stored cross-site scripting. The consequence of this vulnerability could lead to privilege escalation.

Impact

Exploitation of this vulnerability could result in stored cross-site scripting, allowing injected scripts to be executed in the context of the user.

Added: May 15, 2026, 9:26 AM

Updated: May 15, 2026, 9:26 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.4

exploitability

3.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.4

exploitability

3.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SolarWinds Orion Platform Stored Client-Side Template Injection Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

SolarWinds Orion Platform

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating