ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
References
Link | Resource |
---|---|
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230 | Vendor Advisory |
https://www.linkedin.com/in/osamay/ | Not Applicable |
Configurations
Configuration 1 (hide)
|
History
14 Jul 2023, 19:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.linkedin.com/in/osamay/ - Not Applicable | |
References | (MISC) https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230 - Vendor Advisory | |
First Time |
Servicenow servicenow
Servicenow |
|
CWE | CWE-79 | |
CPE | cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_9b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_9a_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_1_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_4_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_4_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_9:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hottix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_5:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_4a_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_7a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:tokyo:patch_4a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:utah:patch1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:san_diego:patch_9a:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
07 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-06 18:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1298
Mitre link : CVE-2023-1298
CVE.ORG link : CVE-2023-1298
JSON object : View
Products Affected
servicenow
- servicenow
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')