CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
21.4%
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.
Vendor | Product | Version | CPE |
---|---|---|---|
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:-:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_1:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_10:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_10-1:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_10-2:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_11:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_12:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_12-1:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_12-2:*:*:*:*:*:* |
servicenow | it_service_management | kingston | cpe:2.3:a:servicenow:it_service_management:kingston:patch_13:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
21.4%