Summary
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
Description
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
Severity
4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Affected Versions
This vulnerability is present in the following Affected Product(s) listed below.
Affected Product(s) |
---|
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:-:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:-:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_3b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_9:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hottix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_2:*:*:*:*:*:* |
References
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967
- https://www.linkedin.com/in/osamay/
Change History
Date | Note |
---|---|
2023-05-23 | Initial publication |
2023-05-23 | Last updated |