Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneTestingforbugsH1:1681178
HistoryAug 26, 2022 - 10:08 a.m.

U.S. Dept Of Defense: Reflected XSS at https://██████/

2022-08-2610:08:17
testingforbugs
hackerone.com
9
servicenow
xss
remote execution
security vulnerability
cookie theft
cve-2022-38463
mitigation.

EPSS

0.002

Percentile

54.7%

JSON

Description:
There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.

References

Impact

Steal cookies to account takeover.

System Host(s)

█████

Affected Product(s) and Version(s)

CVE Numbers

CVE-2022-38463

Steps to Reproduce

1.Go to https://████/logout_redirect.do?sysparm_url=//j\\javascript%3Aalert(document.domain)
2.You will see alert box like this.
███████

Suggested Mitigation/Remediation Actions

Related

prion 1
cvelist 1
hackerone 2
nuclei 1
cve 1
nvd 1
prion
prion
Cross site scripting
2022-08-23 19:15:00
cvelist
cvelist
CVE-2022-38463
2022-08-23 18:07:57
hackerone
hackerone
U.S. Dept Of Defense: XSS DUE TO CVE-2022-38463 in https://████████
2022-08-26 11:00:51
U.S. Dept Of Defense: XSS in ServiceNow logout https://████:443
2022-09-14 10:48:09
nuclei
nuclei
ServiceNow - Cross-Site Scripting
2022-08-25 14:42:25
cve
cve
CVE-2022-38463
2022-08-23 19:15:09
nvd
nvd
CVE-2022-38463
2022-08-23 19:15:09

EPSS

0.002

Percentile

54.7%

JSON
Related for H1:1681178
prion1cvelist1hackerone2nuclei1cve1nvd1