PT-2022-24418 · Servicenow · Servicenow
Published: 2022-08-23 · Updated: 2024-02-16 · CVE-2022-38463
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ServiceNow versions through San Diego Patch 4b and Patch 6
Description
The issue allows reflected XSS in the logout functionality. This can potentially be exploited by attackers to execute malicious scripts on user systems.
Recommendations
For versions through San Diego Patch 4b and Patch 6, update to a version later than San Diego Patch 6 to resolve the issue.
As a temporary workaround, consider restricting access to the logout functionality until a patch is available.
Fix
XSS
Affected Products
Servicenow