Description:
There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.
An attacker can steal cookies, leading to account takeover.
█████
CVE-2022-38463
1. Go to https://████/logout_redirect.do?sysparm_url=//j\\javascript%3Aalert(document.domain)
2. You will see an alert box like this.
███████
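One way to validate a post-logout redirect parameter such as sysparm_url on the server side, shown as an added example that is not part of the original report and is not ServiceNow code. The function names, the FALLBACK path and the host instance.example are hypothetical; the request URL is constructed from the parameter value in step 1.

```javascript
// Added example, not ServiceNow code. safeRedirectTarget, redirectFromRequest,
// FALLBACK and the host instance.example are hypothetical/constructed.
const FALLBACK = "/";

// Accept only a same-origin, single-slash-rooted path; anything else gets FALLBACK.
function safeRedirectTarget(raw, origin) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Backslashes are treated like "/" by browsers, and tabs/newlines are stripped
  // by URL parsers, so both can hide a "//host" or "scheme:" prefix.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  // Rejects "javascript:...", "https://..." and protocol-relative "//host".
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;
  let resolved;
  try {
    resolved = new URL(raw, origin);
  } catch {
    return FALLBACK;
  }
  // Defence in depth: the parsed result must still be on our own origin.
  if (resolved.origin !== new URL(origin).origin) return FALLBACK;
  return resolved.pathname + resolved.search + resolved.hash;
}

// Pull sysparm_url out of a full request URL (URLSearchParams does the
// percent-decoding) and validate it.
function redirectFromRequest(requestUrl) {
  const u = new URL(requestUrl);
  return safeRedirectTarget(u.searchParams.get("sysparm_url"), u.origin);
}

// Constructed request using the parameter value from step 1 of the report.
const reported =
  "https://instance.example/logout_redirect.do" +
  "?sysparm_url=//j\\\\javascript%3Aalert(document.domain)";
console.log(redirectFromRequest(reported));
console.log(redirectFromRequest(
  "https://instance.example/logout_redirect.do?sysparm_url=/navpage.do"));
```

Validating the target complements, and does not replace, context-appropriate output encoding wherever the value is written into the response.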