PT-2023-14143 · Servicenow · Servicenow
Published: 2023-01-12 · Updated: 2025-04-09 · CVE-2022-42704
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ServiceNow versions Quebec through San Diego
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget in the Employee Service Center and Service Portal.
Recommendations
For versions Quebec through San Diego, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the Standard Ticket Conversations widget until a patch is available.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Servicenow