CVE-2019-20768

ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before Patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.

Configurations

Configuration 1

OR cpe:2.3:a:servicenow:it_service_management:kingston:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_10:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_10-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_10-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_11:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_12:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_12-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_12-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_13:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_14:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_14-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_3-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_3-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_3a-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_4-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_4-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_4-4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6-3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6-5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_7-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_8-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_1-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_1-3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_2-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_2-4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_2-5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_3-3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_3-4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-6:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_5-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_6-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_6a-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_6b-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_0-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_1-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_1-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_3-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_3-2:*:*:*:*:*:*

History

21 Nov 2024, 04:39

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://outpost24.com/blog/Responsible-disclosure-Multiple-stored-XSS-vulnerabilities-discovered-in-ServiceNow-ITSM - Exploit, Third Party Advisory | () https://outpost24.com/blog/Responsible-disclosure-Multiple-stored-XSS-vulnerabilities-discovered-in-ServiceNow-ITSM - Exploit, Third Party Advisory |
| References | () https://outpost24.com/blog?tags=307 - Third Party Advisory | () https://outpost24.com/blog?tags=307 - Third Party Advisory |

Information

Published : 2020-05-05 22:15

Updated : 2024-11-21 04:39


NVD link : CVE-2019-20768

Mitre link : CVE-2019-20768

CVE.ORG link : CVE-2019-20768


Products Affected

servicenow

  • it_service_management

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')